Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ts\-550_evo_firmware
(Franklinfueling)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 7 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-04-27 | CVE-2021-46420 | Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. | Ts\-550_evo_firmware | 7.5 | ||
| 2022-04-27 | CVE-2021-46421 | Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. | Ts\-550_evo_firmware | 7.5 | ||
| 2023-11-02 | CVE-2023-5846 | Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device. | Ts\-550_evo_firmware | 9.8 | ||
| 2017-05-01 | CVE-2017-6564 | On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as databases which contain information that can aid in further attacks. | Ts\-550_evo_firmware | 6.5 | ||
| 2017-05-01 | CVE-2017-6565 | On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. As no sanitization checks are in place, an attacker can upload a malicious payload. | Ts\-550_evo_firmware | 8.8 | ||
| 2014-01-26 | CVE-2013-7248 | Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST. | Ts\-550_evo, Ts\-550_evo_firmware | N/A | ||
| 2014-01-26 | CVE-2013-7247 | cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST. | Ts\-550_evo, Ts\-550_evo_firmware | N/A |