PT-2018-13694 · Furuno · Furuno Felcom

Cyberskr · Published 2018-09-10 · Updated 2019-10-03 · CVE-2018-16705

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FURUNO FELCOM versions 250 and 500

Description

The issue allows unauthenticated access to the xml/permission.xml file, which contains system usernames and passwords, including Admin and Service user accounts with unsalted MD5 hashes, and the SMS server password in cleartext.

Recommendations

For FURUNO FELCOM versions 250 and 500, restrict access to the xml/permission.xml file to prevent unauthorized access to sensitive system information. As a temporary workaround, consider disabling unauthenticated access to the device until a patch is available. Avoid using the device's default passwords and consider changing them to stronger, unique passwords.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2018-16705

Affected Products

Furuno Felcom