FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the Admin, Log and Service accounts, as well as the password for the protected "SMS" panel via /cgi-bin/sm_changepassword.cgi and /cgi-bin/sm_sms_changepasswd.cgi.
References
Link | Resource |
---|---|
https://cyberskr.com/blog/furuno-felcom.html | Exploit Technical Description Third Party Advisory |
https://gist.github.com/CyberSKR/2c30d964d48b5e1518ded88bd953b710 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-09-10T17:00:00
Updated: 2018-09-10T16:57:01
Reserved: 2018-09-06T00:00:00
Link: CVE-2018-16591
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-09-10T17:29:00.587
Modified: 2020-08-24T17:37:01.140
Link: CVE-2018-16591
JSON object: View
Redhat Information
No data.
CWE