Vulnerabilities > Franklinfueling
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-27 | CVE-2023-5885 | Path Traversal vulnerability in Franklinfueling Colibri Firmware The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users. | 6.5 |
| 2023-11-02 | CVE-2023-5846 | Use of Password Hash With Insufficient Computational Effort vulnerability in Franklinfueling Ts-550 EVO Firmware 1.8.7.7299 Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device. | 9.8 |
| 2022-12-05 | CVE-2022-44039 | Incorrect Authorization vulnerability in Franklinfueling Colibri Firmware 1.9.22.8925 Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. | 9.8 |
| 2022-04-27 | CVE-2021-46420 | Path Traversal vulnerability in Franklinfueling Ts-550 EVO Firmware 2.23.4.8936 Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. | 5.0 |
| 2022-04-27 | CVE-2021-46421 | Path Traversal vulnerability in Franklinfueling Ts-550 EVO Firmware 1.8.7.7299 Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. | 5.0 |
| 2022-04-07 | CVE-2021-46417 | Path Traversal vulnerability in Franklinfueling Colibri Firmware 1.8.19.8580 Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580. | 7.8 |
| 2017-05-01 | CVE-2017-6565 | Missing Authorization vulnerability in Franklinfueling Ts-550 EVO Firmware 2.3.0.7332 On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. | 8.8 |
| 2017-05-01 | CVE-2017-6564 | Missing Authorization vulnerability in Franklinfueling Ts-550 EVO Firmware 2.3.0.7332 On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. | 6.5 |
| 2014-01-26 | CVE-2013-7248 | Credentials Management vulnerability in Franklinfueling Ts-550 EVO and Ts-550 EVO Firmware Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST. | 10.0 |
| 2014-01-26 | CVE-2013-7247 | Permissions, Privileges, and Access Controls vulnerability in Franklinfueling Ts-550 EVO and Ts-550 EVO Firmware cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST. | 5.0 |