PT-2018-13694 · Furuno · Furuno Felcom

Cyberskr · Published 2018-09-10 · Updated 2019-10-03 · CVE-2018-16705

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FURUNO FELCOM versions 250 and 500

Description

The issue allows unauthenticated access to the xml/permission.xml file, which contains system usernames and passwords, including Admin and Service user accounts with unsalted MD5 hashes, and the SMS server password in cleartext.

Recommendations

For FURUNO FELCOM versions 250 and 500, restrict access to the xml/permission.xml file to prevent unauthorized access to sensitive system information. As a temporary workaround, consider disabling unauthenticated access to the device until a patch is available. Avoid using the device's default passwords and consider changing them to stronger, unique passwords.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2018-16705

Affected Products

Furuno Felcom