CRITICAL · 9.8

CVE-2018-16591

Vulnerability Description

FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the Admin, Log and Service accounts, as well as the password for the protected "SMS" panel via /cgi-bin/sm_changepassword.cgi and /cgi-bin/sm_sms_changepasswd.cgi.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor | Product | Versions
Furuno | Felcom 250 Firmware | -
Furuno | Felcom 250 | -
Furuno | Felcom 500 Firmware | -
Furuno | Felcom 500 | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2018-16591?

CVE-2018-16591 is a vulnerability with a CVSS score of 9.8 (CRITICAL). FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the Admin, Log and Service accounts, as well as the password for the protected "SMS" panel via /cgi-bin/sm_chan...

How severe is CVE-2018-16591?

CVE-2018-16591 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-16591?

Check the references section above for vendor advisories and patch information. Affected products include: Furuno Felcom 250 Firmware, Furuno Felcom 250, Furuno Felcom 500 Firmware, Furuno Felcom 500.