Skip to content

Instantly share code, notes, and snippets.

@CyberSKR CyberSKR/CVE-2018-16705.md
Last active Sep 10, 2018

Embed
What would you like to do?
CVE-2018-16705 - The Furuno Felcom250 and Felcom500 devices allowed unauthenticated access to an XML file containing all of the system's usernames and passwords.

CVE-2018-16705

Suggested description
The Furuno Felcom250 and Felcom500 devices allowed unauthenticated access to an XML file containing all of the system's usernames and passwords. This included the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext.


Vulnerability Type
Cleartext Password Disclosure


Vendor of Product
Furuno


Affected Product Code Base
Felcom500 - N/A
Felcom250 - N/A


Reference
https://gist.github.com/CyberSKR/c00eabd6b1d5603d724b615ab358ff31
https://cyberskr.com/blog/furuno-felcom.html

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.