CVE-2021-46417

HIGH EXPLOITED NUCLEI

Franklinfueling Colibri Firmware - Path Traversal

Title source: rule

Description

Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580.

Exploits (2)

exploitdb WORKING POC

by Momen Eldawakhly · textremotelinux

https://www.exploit-db.com/exploits/50861

View Code ZIP pw:eip

nomisec WORKING POC

by Henry4E36 · remote

https://github.com/Henry4E36/CVE-2021-46417

View Code ZIP pw:eip

Nuclei Templates (1)

Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Local File Inclusion

HIGHVERIFIEDby For3stCo1d

Shodan: http.html:"Franklin Fueling Systems" || http.html:"franklin fueling systems"

FOFA: body="franklin fueling systems"

References (3)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/166610/FFS-Colibri-Controller-Module-1.8.19.8580-Directory-Traversal.html

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/166671/Franklin-Fueling-Systems-Colibri-Controller-Module-1.8.19.8580-Local-File-Inclusion.html

[Exploit, Third Party Advisory] https://drive.google.com/drive/folders/1Yu4aVDdrgvs-F9jP3R8Cw7qo_TC7VB-R

Scores

CVSS v3 7.5

EPSS 0.9217

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2023-11-17

CWE

CWE-22

Status published

Products (1)

franklinfueling/colibri_firmware 1.8.19.8580

Published Apr 07, 2022

Tracked Since Feb 18, 2026