Skip to main content

Felcom 250 Firmware

3 CVEs product

Monthly

CVE-2018-16705 CRITICAL POC Act Now

FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Felcom 250 Firmware Felcom 500 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-16591 CRITICAL POC Act Now

FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the Admin, Log and Service accounts, as well as the password for the protected "SMS" panel via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Felcom 250 Firmware Felcom 500 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-16590 CRITICAL POC Act Now

FURUNO FELCOM 250 and 500 devices use only client-side JavaScript in login.js for authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Felcom 250 Firmware Felcom 500 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

FURUNO FELCOM 250 and 500 devices allow unauthenticated access to the xml/permission.xml file containing all of the system's usernames and passwords. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Felcom 250 Firmware Felcom 500 Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the Admin, Log and Service accounts, as well as the password for the protected "SMS" panel via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Felcom 250 Firmware Felcom 500 Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

FURUNO FELCOM 250 and 500 devices use only client-side JavaScript in login.js for authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Felcom 250 Firmware Felcom 500 Firmware
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy