CVE-2018-16705

CRITICAL

FURUNO FELCOM 250-500 - Info Disclosure

Title source: llm
STIX 2.1

Description

FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. This includes the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext.

References (2)

Core 2
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://cyberskr.com/blog/furuno-felcom.html

Scores

CVSS v3 9.8
EPSS 0.0157
EPSS Percentile 72.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-200
Status published
Products (2)
furuno/felcom_250_firmware
furuno/felcom_500_firmware
Published Sep 10, 2018
Tracked Since Feb 18, 2026