Skip to content

Instantly share code, notes, and snippets.

@CyberSKR

CyberSKR/CVE-2018-16705.md

Last active September 10, 2018 13:12
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save CyberSKR/c00eabd6b1d5603d724b615ab358ff31 to your computer and use it in GitHub Desktop.
Save CyberSKR/c00eabd6b1d5603d724b615ab358ff31 to your computer and use it in GitHub Desktop.
Download ZIP
CVE-2018-16705 - The Furuno Felcom250 and Felcom500 devices allowed unauthenticated access to an XML file containing all of the system's usernames and passwords.
Raw
CVE-2018-16705.md

CVE-2018-16705

Suggested description
The Furuno Felcom250 and Felcom500 devices allowed unauthenticated access to an XML file containing all of the system's usernames and passwords. This included the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext.

Vulnerability Type
Cleartext Password Disclosure

Vendor of Product
Furuno

Affected Product Code Base
Felcom500 - N/A
Felcom250 - N/A

Reference
https://gist.github.com/CyberSKR/c00eabd6b1d5603d724b615ab358ff31
https://cyberskr.com/blog/furuno-felcom.html

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment