### [CVE-2017-14743](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14743)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password.

### POC

#### Reference
- https://medium.com/iotsploit/faleemi-fsc-880-multiple-security-vulnerabilities-ed1d132c2cce

#### Github
- https://github.com/ARPSyndicate/cvemon