Suggested description
The Furuno Felcom250 and Felcom500 devices allowed unauthenticated access to an XML file containing all of the system's usernames and passwords. This included the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext.
Vulnerability Type
Cleartext Password Disclosure
Vendor of Product
Furuno
Affected Product Code Base
Felcom500 - N/A
Felcom250 - N/A
Reference
https://gist.github.com/CyberSKR/c00eabd6b1d5603d724b615ab358ff31
https://cyberskr.com/blog/furuno-felcom.html