Unauthenticated SQL Injection Vulnerability in Faleemi FSC-880 00.01.01.0048P2 Devices
CVE-2017-14743 · HIGH Severity
AV:N/AC:M/AU:N/C:C/I:C/A:C
Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.