Incomplete Factory Reset Vulnerability in Dynacolor FCM-MB40 Products
CVE-2019-13402

8.8HIGH

Key Information:

Vendor: Fortinet
Status: Fcm-mb40 Firmware
Vendor: CVE Published:; 8 July 2019

Summary

The Dynacolor FCM-MB40 version 1.2.0.0 contains an incomplete implementation of the factory-reset process in its default.sh and hardfactorydefault.cgi scripts. This flaw allows a backdoor to persist through a reset, as the system accounts and services are not comprehensively restored to their default states. As a result, unauthorized access may be granted, posing significant risks to the security and privacy of users.

References

https://xor.cat/2019/06/19/fortinet-forticam-vulns/

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 8, 2019
Vulnerability Reserved
Jul 7, 2019