Fortinet : Security Vulnerabilities, CVEs, Published In July 2019

CVE-2019-13402

/usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v1.2.0.0 devices implement an incomplete factory-reset process. A backdoor can persist because neither system accounts nor the set of services is reset.
Max CVSS
8.8
EPSS Score
0.11%
Published
2019-07-08
Updated
2020-08-24

CVE-2019-13401

Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi-bin/.
Max CVSS
8.8
EPSS Score
0.11%
Published
2019-07-08
Updated
2019-07-09

CVE-2019-13400

Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. These credentials can be retrieved via cgi-bin/getuserinfo.cgi?mode=info.
Max CVSS
9.8
EPSS Score
0.77%
Published
2019-07-08
Updated
2020-08-24

CVE-2019-13399

Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation.
Max CVSS
5.9
EPSS Score
0.41%
Published
2019-07-08
Updated
2019-07-09

CVE-2019-13398

Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrl_save_profile.cgi (save parameter) and cgi-bin/ddns.cgi.
Max CVSS
9.0
EPSS Score
0.26%
Published
2019-07-08
Updated
2020-08-24
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close