CVE-2018-16590
CRITICALFURUNO FELCOM 250 and 500 - Improper Authentication via Client-Side JavaScript
Title source: llmDescription
FURUNO FELCOM 250 and 500 devices use only client-side JavaScript in login.js for authentication.
References (2)
Core 2
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://cyberskr.com/blog/furuno-felcom.html
Third Party Advisory x_refsource_misc
https://gist.github.com/CyberSKR/34a8d6be7646a4bfd4df455f9f52500f
Scores
CVSS v3
9.8
EPSS
0.0236
EPSS Percentile
81.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (2)
furuno/felcom_250_firmware
furuno/felcom_500_firmware
Published
Sep 06, 2018
Tracked Since
Feb 18, 2026