@Stick-U235
Last active April 19, 2020 15:05
CVE-2017-6564 and CVE-2017-6565
>> [Suggested description]
>> On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices,
>> the Guest user, which contains the lowest privileges, can post to the
>> idSourceFileName parameter found within the /download directory. This
>> ability allows for an attacker to download sensitive system files from
>> the host machine such as databases which contain information that can
>> aid in further attacks.
> CVE-2017-6564.
>> [Suggested description]
>> On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices,
>> the roleDiag user, which can be obtained by exploiting CVE-2013-7247,
>> has the ability to upload files to the server hosting the web service.
>> As no sanitization checks are in place, an attacker can upload a
>> malicious payload.
> CVE-2017-6565.
- Stick