Fortinet FCM-MB40 Firmware 1.2.0.0

CPE Details

2019-07-09 15h02 +00:00
2021-05-13 15h21 +00:00

CPE Name: cpe:2.3:o:fortinet:fcm-mb40_firmware:1.2.0.0:*:*:*:*:*:*:*

Information

Vendor

fortinet

Product

fcm-mb40_firmware

Version

1.2.0.0

Related CVE

| CVE ID | Published | Description | Score | Severity |
| --- | --- | --- | --- | --- |
| CVE-2019-13402 | 2019-07-07 22h02 +00:00 | /usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v1.2.0.0 devices implement an incomplete factory-reset process. A backdoor can persist because neither system accounts nor the set of services is reset. | 8.8 | High |
| CVE-2019-13401 | 2019-07-07 22h02 +00:00 | Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi-bin/. | 8.8 | High |
| CVE-2019-13400 | 2019-07-07 22h02 +00:00 | Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext. These credentials can be retrieved via cgi-bin/getuserinfo.cgi?mode=info. | 9.8 | Critical |
| CVE-2019-13399 | 2019-07-07 22h01 +00:00 | Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation. | 5.9 | Medium |
| CVE-2019-13398 | 2019-07-07 22h01 +00:00 | Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrl_save_profile.cgi (save parameter) and cgi-bin/ddns.cgi. | 7.2 | High |