Unauthenticated SQL Injection Vulnerability in Faleemi FSC-880 00.01.01.0048P2 Devices

Unauthenticated SQL Injection Vulnerability in Faleemi FSC-880 00.01.01.0048P2 Devices

CVE-2017-14743 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.