Описание
FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. This includes the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext.
Ссылки
- ExploitTechnical DescriptionThird Party Advisory
- Third Party Advisory
- ExploitTechnical DescriptionThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:furuno:felcom_250_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:furuno:felcom_250:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:furuno:felcom_500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:furuno:felcom_500:-:*:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.00628
Низкий
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. This includes the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext.
EPSS
Процентиль: 70%
0.00628
Низкий
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200