top of page
perceptive_background_267k.jpg

A security flaw has been discovered in Tiandy Easy7 Integrated Management Platform 7.17.0. The affected element is an unknown function of the file /rest/devStatā€¦

Published:

16 maart 2026 om 23:00:00

Alert date:

17 maart 2026 om 15:03:40

Source:

nvd.nist.gov

Click to open the original link from this advisory

Enterprise Applications, Web Technologies

A SQL injection vulnerability has been discovered in Tiandy Easy7 Integrated Management Platform version 7.17.0. The vulnerability affects the /rest/devStatus/queryResources endpoint where manipulation of the areaId parameter leads to SQL injection. The attack can be performed remotely and public exploits are available. The vendor was contacted but did not respond to the disclosure.

Technical details

Mitigation steps:

Affected products:

Tiandy Easy7 Integrated Management Platform

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-4287
https://my.feishu.cn/docx/F68OduQq8oI2MdxmjHlch8u5n8f?from=from_copylink
https://vuldb.com/?ctiid.351292
https://vuldb.com/?id.351292
https://vuldb.com/?submit.771956

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page