CVE-2023-5846
published 2023-11-02

Priority: P2 · 63 · critical
CVSS 3.1: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.28% (20.1th percentile)

Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.

Affected

2 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| franklin_fueling_system | ts-550 | < 1.9.23.8960 | 1.9.23.8960 |
| franklinfueling | ts-550_evo_firmware | < 1.9.23.8960 | 1.9.23.8960 |

Detection & IOCs

  • Public Proof of Concept (PoC) exploit exists on Exploit-DB for CVE-2023-5846, authored by Parsa Rezaie Khiabanloo — search Exploit-DB for TS-550 credential decode PoC to obtain specific signatures.
  • Target detection on unauthenticated remote access attempts to Franklin Fueling System TS-550 devices running firmware versions prior to 1.9.23.8960; exploitation requires no authentication and low complexity over the network.
  • CVSS vector indicates network-accessible, no-auth, no-interaction exploit path — alert on any external network connections to TS-550 management interfaces.
  • All TS-550 firmware versions prior to 1.9.23.8960 are affected; patched version is exactly 1.9.23.8960 — use firmware version fingerprinting to identify vulnerable devices.
  • The vulnerability class is CWE-916 (Use of Password Hash with Insufficient Computational Effort), meaning admin credential hashes stored or transmitted by the device can be decoded — detection should focus on credential exposure rather than brute-force patterns.