Sign-up

ID

VAR-201809-0552


CVE

CVE-2018-16705


TITLE

FURUNO FELCOM 250 and 500 Vulnerability in certificate / password management on devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-009807

DESCRIPTION

FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. This includes the Admin and Service user accounts and their unsalted MD5 hashes, as well as the SMS server password in cleartext. FURUNO FELCOM 250 and 500 The device contains a certificate / password management vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. FURUNO FELCOM 250 and 500 are shipborne communication equipment of Japan Furuno Electric Company. There is a security hole in the FURUNO FELCOM 250 and 500

Trust: 1.71

sources: NVD: CVE-2018-16705 // JVNDB: JVNDB-2018-009807 // VULHUB: VHN-127091

AFFECTED PRODUCTS

vendor:furunomodel:felcom 250scope:eqversion: -

Trust: 1.6

vendor:furunomodel:felcom 500scope:eqversion: -

Trust: 1.6

vendor:furuno electricmodel:felcom 250scope: - version: -

Trust: 0.8

vendor:furuno electricmodel:felcom 500scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-009807 // CNNVD: CNNVD-201809-446 // NVD: CVE-2018-16705

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-16705
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-16705
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201809-446
value: CRITICAL

Trust: 0.6

VULHUB: VHN-127091
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-16705
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-127091
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-16705
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-127091 // JVNDB: JVNDB-2018-009807 // CNNVD: CNNVD-201809-446 // NVD: CVE-2018-16705

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-127091 // JVNDB: JVNDB-2018-009807 // NVD: CVE-2018-16705

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-446

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201809-446

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-009807

PATCH
title:フリートブロードバンドurl:https://www.furuno.com/jp/merchant/fleetbroadband/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-009807

EXTERNAL IDS
db:NVDid:CVE-2018-16705
Trust: 2.5
db:JVNDBid:JVNDB-2018-009807
Trust: 0.8
db:CNNVDid:CNNVD-201809-446
Trust: 0.7
db:VULHUBid:VHN-127091
Trust: 0.1
sources:
            
            
            VULHUB: VHN-127091 // 
            
            
            
            JVNDB: JVNDB-2018-009807 // 
            
            
            
            CNNVD: CNNVD-201809-446 // 
            
            
            
            NVD: CVE-2018-16705

REFERENCES
url:https://gist.github.com/cyberskr/c00eabd6b1d5603d724b615ab358ff31
Trust: 2.5
url:https://cyberskr.com/blog/furuno-felcom.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16705
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-16705
Trust: 0.8
sources:
            
            
            VULHUB: VHN-127091 // 
            
            
            
            JVNDB: JVNDB-2018-009807 // 
            
            
            
            CNNVD: CNNVD-201809-446 // 
            
            
            
            NVD: CVE-2018-16705

SOURCES
db:VULHUBid:VHN-127091
db:JVNDBid:JVNDB-2018-009807
db:CNNVDid:CNNVD-201809-446
db:NVDid:CVE-2018-16705

LAST UPDATE DATE
2024-11-23T22:30:17.751000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-127091date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-009807date:2018-11-28T00:00:00
db:CNNVDid:CNNVD-201809-446date:2019-10-23T00:00:00
db:NVDid:CVE-2018-16705date:2024-11-21T03:53:11.707

SOURCES RELEASE DATE
db:VULHUBid:VHN-127091date:2018-09-10T00:00:00
db:JVNDBid:JVNDB-2018-009807date:2018-11-28T00:00:00
db:CNNVDid:CNNVD-201809-446date:2018-09-11T00:00:00
db:NVDid:CVE-2018-16705date:2018-09-10T17:29:00.727