CVE-2018-16705
N/A
N/A
Summary
FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. This includes the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://cyberskr.com/blog/furuno-felcom.html
- https://gist.github.com/CyberSKR/c00eabd6b1d5603d724b615ab358ff31
References
- https://cyberskr.com/blog/furuno-felcom.html
- https://gist.github.com/CyberSKR/c00eabd6b1d5603d724b615ab358ff31
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.