CVE-2017-6564

Published: May 1, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as databases which contain information that can aid in further attacks.

Affected (1)

Products: Franklinfueling: Ts 550 Evo Firmware

Franklinfueling

1 product

Ts 550 Evo Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Franklinfueling Ts 550 Evo Firmware	Version 2.3.0.7332

Running on/with	Platform Versions
Franklinfueling Ts 550 Evo	All versions

Related CWEs

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

http://www.u235.io/single-post/2017/05/01/Penetrating-Fuel-Management-Systems

Source: cve@mitre.org

Technical DescriptionThird Party AdvisoryURL Repurposed

https://gist.github.com/Stick-U235/b187931f828e92866d09b9bdeb956ca2

Source: cve@mitre.org

Third Party Advisory

http://www.u235.io/single-post/2017/05/01/Penetrating-Fuel-Management-Systems

Source: af854a3a-2127-422b-91ae-364da2661108

Technical DescriptionThird Party AdvisoryURL Repurposed

https://gist.github.com/Stick-U235/b187931f828e92866d09b9bdeb956ca2

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.