CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
83.6%
Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST.
Vendor | Product | Version | CPE |
---|---|---|---|
franklinfueling | ts-550_evo_firmware | 2.0.0.6833 | cpe:2.3:o:franklinfueling:ts-550_evo_firmware:2.0.0.6833:*:*:*:*:*:*:* |
franklinfueling | ts-550_evo_firmware | 2.3.1.7492 | cpe:2.3:o:franklinfueling:ts-550_evo_firmware:2.3.1.7492:*:*:*:*:*:*:* |
franklinfueling | ts-550_evo | - | cpe:2.3:h:franklinfueling:ts-550_evo:-:*:*:*:*:*:*:* |