MEDIUM🇵🇱 Wersja polska

CVE-2017-6564

CVSS 6.5v3.0pub. 2017-05-01upd. 2026-05-13

On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as databases which contain information that can aid in further attacks.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • Franklinfueling Ts 550 Evo

    HW
    Franklinfueling
    wszystkie wersje
  • Franklinfueling Ts 550 Evo Firmware

    OS
    Franklinfueling
    2.3.0.7332
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-5846HIGH8.3ten sam produkt

Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin crede...

CVE-2021-46420HIGH7.5ten sam produkt

Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vuln...

CVE-2021-46421HIGH7.5ten sam produkt

Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traversal vulner...

CVE-2017-6565HIGH8.8ten sam produkt

On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploit...

CVE-2013-7248HIGH10.0ten sam produkt

Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded p...