CVE-2018-16591

CRITICAL

FURUNO FELCOM 250 and 500 - Unauthenticated Password Change via sm_changepassword.cgi and sm_sms_changepasswd.cgi

Title source: llm
STIX 2.1

Description

FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the Admin, Log and Service accounts, as well as the password for the protected "SMS" panel via /cgi-bin/sm_changepassword.cgi and /cgi-bin/sm_sms_changepasswd.cgi.

References (2)

Core 2
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://cyberskr.com/blog/furuno-felcom.html

Scores

CVSS v3 9.8
EPSS 0.0216
EPSS Percentile 80.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-862
Status published
Products (2)
furuno/felcom_250_firmware
furuno/felcom_500_firmware
Published Sep 10, 2018
Tracked Since Feb 18, 2026