RSS   Vulnerabilities for 'Ts-550 evo firmware'   RSS

2017-05-01
 
CVE-2017-6565

CWE-862
 

 
On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. As no sanitization checks are in place, an attacker can upload a malicious payload.

 
 
CVE-2017-6564

CWE-862
 

 
On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as databases which contain information that can aid in further attacks.

 
2014-01-25
 
CVE-2013-7248

CWE-255
 

 
Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST.

 
 
CVE-2013-7247

CWE-264
 

 
cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST.

 

 >>> Vendor: Franklinfueling 2 Products
Ts-550 evo
Ts-550 evo firmware


Copyright 2024, cxsecurity.com

 

Back to Top