EUVD-2026-12530
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
4Description
A weakness has been identified in Tiandy Easy7 Integrated Management Platform 7.17.0. The impacted element is an unknown function of the file /rest/devStatus/getDevDetailedInfo of the component Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
Tiandy Easy7 Integrated Management Platform 7.17.0 contains an SQL injection vulnerability in the /rest/devStatus/getDevDetailedInfo endpoint that allows unauthenticated remote attackers to manipulate the ID parameter and execute arbitrary database queries. The vulnerability enables unauthorized access to, modification of, and disruption of sensitive data, with public exploit code already available. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all systems running Tiandy Easy7 7.17.0 and isolate affected instances from production networks if possible; enable enhanced logging on the /rest/devStatus/getDevDetailedInfo endpoint. Within 7 days: Implement WAF rules to block malicious ID parameter payloads; restrict API endpoint access to authorized IP ranges only; conduct vulnerability scan to identify successful exploitation. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today