CVE-2017-6564
MEDIUMFranklin Fueling TS-550 evo Firmware 2.3.0.7332 - Unauthenticated Sensitive File Download via idSourceFileName Parameter
Title source: llmDescription
On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as databases which contain information that can aid in further attacks.
References (2)
Core 2
Core References
Technical Description, Third Party Advisory, URL Repurposed x_refsource_misc
http://www.u235.io/single-post/2017/05/01/Penetrating-Fuel-Management-Systems
Third Party Advisory x_refsource_misc
https://gist.github.com/Stick-U235/b187931f828e92866d09b9bdeb956ca2
Scores
CVSS v3
6.5
EPSS
0.0081
EPSS Percentile
52.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-862
Status
published
Products (1)
franklinfueling/ts-550_evo_firmware
2.3.0.7332
Published
May 01, 2017
Tracked Since
Feb 18, 2026