CVE-2026-1449
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
2Tags
Description
A flaw has been found in Hisense TransTech Smart Bus Management System up to 20260113. Affected is the function Page_Load of the file YZSoft/Forms/XForm/BM/BusComManagement/TireMng.aspx. Executing a manipulation of the argument key can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
SQL injection in Hisense TransTech Smart Bus Management System through version 20260113 allows unauthenticated remote attackers to manipulate the key parameter in the TireMng.aspx Page_Load function and execute arbitrary database queries. Public exploit code exists for this vulnerability, and the vendor has not provided a patch or responded to disclosure attempts. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Hisense TransTech Smart Bus Management System installations and document versions in use; implement network segmentation to restrict database access. Within 7 days: Deploy WAF rules to block SQL injection patterns on affected systems; conduct access control audit and disable unnecessary features if possible. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today