PT-2024-27368 · Tianwell · Tianwell Fire Intelligent Command Platform

Scausoft · Published 2024-04-13 · Updated 2024-06-04 · CVE-2024-3720

CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Tianwell Fire Intelligent Command Platform version 1.1.1.1

Description

A critical issue has been found in the Tianwell Fire Intelligent Command Platform. This issue affects the API Interface component, specifically the /mfsNotice/page file. The manipulation of the gsdwid argument leads to SQL injection. The attack can be initiated remotely.

Recommendations

For Tianwell Fire Intelligent Command Platform version 1.1.1.1, consider restricting access to the vulnerable API Interface component, specifically the /mfsNotice/page file, to minimize the risk of exploitation. Avoid using the gsdwid argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
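
While no fixed version is available, web access logs can be reviewed for requests to /mfsNotice/page that carry an unexpected gsdwid value. The script below is an added example, not part of the original advisory or the vendor's code. It assumes combined-format access logs, that gsdwid travels in the query string, and that legitimate values are short alphanumeric identifiers; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/mfsNotice/page"   # endpoint named in the advisory
PARAM = "gsdwid"               # parameter named in the advisory
# Assumption: legitimate gsdwid values are short alphanumeric identifiers.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Request line inside a combined-format log entry: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_requests(lines):
    """Return (line_no, decoded_value) for each request to ENDPOINT whose
    gsdwid value does not match the allowlist pattern."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue  # not a parsable request line
        url = urlsplit(m.group("target"))
        if url.path.rstrip("/") != ENDPOINT:
            continue
        # parse_qs percent-decodes values and keeps repeated parameters,
        # so every occurrence of gsdwid is checked.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get(PARAM, []):
            if not SAFE_VALUE.fullmatch(value):
                hits.append((no, value))
    return hits


# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/May/2024:10:00:01 +0000] "GET /mfsNotice/page?gsdwid=1001&page=1 HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/May/2024:10:00:05 +0000] "GET /mfsNotice/page?gsdwid=1001%27 HTTP/1.1" 500 87',
    '198.51.100.9 - - [01/May/2024:10:00:09 +0000] "GET /mfsNotice/page?page=1&gsdwid=10%2001 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/May/2024:10:00:12 +0000] "GET /other/page?gsdwid=1001%27 HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for no, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {no}: non-conforming {PARAM} value {value!r}")
```

Parameters sent in a request body do not appear in standard access logs, so this check only covers values passed in the URL.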

Exploit

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2024-3720

Affected Products

Tianwell Fire Intelligent Command Platform