Vulnerability Description
FURUNO FELCOM 250 and 500 devices use only client-side JavaScript in login.js for authentication.
CVSS Score
9.8
CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Furuno | Felcom 250 Firmware | - |
| Furuno | Felcom 250 | - |
| Furuno | Felcom 500 Firmware | - |
| Furuno | Felcom 500 | - |
Related Weaknesses (CWE)
References
- https://cyberskr.com/blog/furuno-felcom.htmlExploitTechnical DescriptionThird Party Advisory
- https://gist.github.com/CyberSKR/34a8d6be7646a4bfd4df455f9f52500fThird Party Advisory
- https://cyberskr.com/blog/furuno-felcom.htmlExploitTechnical DescriptionThird Party Advisory
- https://gist.github.com/CyberSKR/34a8d6be7646a4bfd4df455f9f52500fThird Party Advisory
FAQ
What is CVE-2018-16590?
CVE-2018-16590 is a vulnerability with a CVSS score of 9.8 (CRITICAL). FURUNO FELCOM 250 and 500 devices use only client-side JavaScript in login.js for authentication.
How severe is CVE-2018-16590?
CVE-2018-16590 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-16590?
Check the references section above for vendor advisories and patch information. Affected products include: Furuno Felcom 250 Firmware, Furuno Felcom 250, Furuno Felcom 500 Firmware, Furuno Felcom 500.