Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password.
CPE | Name | Operator | Version |
---|---|---|---|
fsc-880_firmware | eq | 0.1.148-p2 |