CVE-2013-7247
Published 2014-01-26
CVE-2013-7247: cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive…
Priority P4 · 31 · medium · 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS 2.74% · 84.3th percentile
cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| franklinfueling | ts-550_evo_firmware | — | — |
| franklinfueling | ts-550_evo_firmware | — | — |
| franklinfueling | ts-550_evo_firmware | — | — |
GHSA
GHSA-jp75-h3gc-7pw3: cgi-bin/tsaws
ghsa_unreviewed·2022-05-17
CVE-2013-7247 [MEDIUM] GHSA-jp75-h3gc-7pw3: cgi-bin/tsaws
cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST.
GHSA
GHSA-6523-39wf-j4g3: On Franklin Fueling Systems TS-550 evo 2
ghsa_unreviewed·2022-05-13·CVSS 5.0
CVE-2017-6565 [MEDIUM] CWE-862 GHSA-6523-39wf-j4g3: On Franklin Fueling Systems TS-550 evo 2
On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. As no sanitization checks are in place, an attacker can upload a malicious payload.