FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. This includes the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext.
References
Link | Resource |
---|---|
https://cyberskr.com/blog/furuno-felcom.html | Exploit Technical Description Third Party Advisory |
https://gist.github.com/CyberSKR/c00eabd6b1d5603d724b615ab358ff31 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-09-10T17:00:00
Updated: 2018-09-10T16:57:01
Reserved: 2018-09-07T00:00:00
Link: CVE-2018-16705
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-09-10T17:29:00.727
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-16705
JSON object: View
Redhat Information
No data.
CWE