CVE-2017-6565 - Missing Authorization vulnerability in Franklinfueling Ts-550 EVO Firmware 2.3.0.7332

CVSS 8.8 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: network, low complexity, franklinfueling, CWE-862

Summary

On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. As no sanitization checks are in place, an attacker can upload a malicious payload.

Vulnerable Configurations

Part      Description      Count
OS        Franklinfueling  1
Hardware  Franklinfueling  1

Common Weakness Enumeration (CWE)