CVE Vulnerability

CVE-2018-16591

FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the Admin, Log and Service accounts, as well as the password for the protected "SMS" panel via /cgi-bin/sm_changepassword.cgi and /cgi-bin/sm_sms_changepasswd.cgi.

10 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://gist.github.com/CyberSKR/2c30d964d48b5e1518ded88bd953b710 Third Party Advisory
https://cyberskr.com/blog/furuno-felcom.html Exploit Technical Description
Configurations

Configuration 1
Information

Published : 2018-09-10 05:29

Updated : 2020-08-24 05:37

NVD link : CVE-2018-16591

Mitre link : CVE-2018-16591

Products Affected
No products.
CWE
CWE-862