Vulnerability Details CVE-2018-16705
FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. This includes the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 5.0
References
Products affected by CVE-2018-16705
-
cpe:2.3:h:furuno:felcom_250:-
-
cpe:2.3:h:furuno:felcom_500:-
-
cpe:2.3:o:furuno:felcom_250_firmware:-
-
cpe:2.3:o:furuno:felcom_500_firmware:-