CVE Vulnerability

CVE-2018-16705

FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. This includes the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://gist.github.com/CyberSKR/c00eabd6b1d5603d724b615ab358ff31 Third Party Advisory
https://cyberskr.com/blog/furuno-felcom.html Exploit Technical Description
Configurations

Configuration 1
Information

Published : 2018-09-10 05:29

Updated : 2019-10-03 12:03

NVD link : CVE-2018-16705

Mitre link : CVE-2018-16705

Products Affected
No products.
CWE
CWE-200