Unauthenticated SQL Injection in Faleemi FSC-880 Devices
CVE-2017-14743

8.1 HIGH

Key Information:

Vendor: Faleemi
CVE Published: 26 September 2017

What is CVE-2017-14743?

The Faleemi FSC-880 devices are susceptible to an unauthenticated SQL injection vulnerability through the Username element in an XML document sent to the /onvif/device_service endpoint. An attacker can exploit this flaw to access sensitive information, such as the administrator password, thereby compromising the security of the device and the network it operates on. This issue highlights the critical need for robust input validation in Internet of Things (IoT) devices to prevent unauthorized access.

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published
