CVE-2013-7248

Franklin Fueling Systems TS-550 evo <2.4.0 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-7248. PoCs published by Trustwave's SpiderLabs.

AI-analyzed exploit summary The advisory details two vulnerabilities in Franklin Fueling's TS-550 evo device: insufficient access control (CVE-2013-7247) allowing password hash retrieval and hardcoded technician credentials (CVE-2013-7248) enabling privilege escalation to roleDiag.

Description

Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Trustwave's SpiderLabs · textwebappshardware

https://www.exploit-db.com/exploits/31180

View Code ZIP pw:eip

The advisory details two vulnerabilities in Franklin Fueling's TS-550 evo device: insufficient access control (CVE-2013-7247) allowing password hash retrieval and hardcoded technician credentials (CVE-2013-7248) enabling privilege escalation to roleDiag.

Classification

Writeup 100%

Attack Type

Auth Bypass | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Franklin Fueling TS-550 evo (Firmware < 2.4.0)

No auth needed

Prerequisites: Network access to the device · Curl or similar HTTP client

MITRE ATT&CK

T1552 - Unsecured Credentials T1078 - Valid Accounts

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit x_refsource_misc

https://www.trustwave.com/spiderlabs/advisories/TWSL2014-001.txt

Scores

EPSS 0.0434

EPSS Percentile 89.9%

Details

CWE

CWE-255

Status published

Products (3)

franklinfueling/ts-550_evo

franklinfueling/ts-550_evo_firmware 2.0.0.6833

franklinfueling/ts-550_evo_firmware 2.3.1.7492

Published Jan 26, 2014

Tracked Since Feb 18, 2026