Vulnerabilities > Fortinet > FCM Mb40 Firmware

DATE CVE VULNERABILITY TITLE RISK
2019-07-08 CVE-2019-13402 Improper Cross-boundary Removal of Sensitive Data vulnerability in Fortinet Fcm-Mb40 Firmware 1.2.0.0
/usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v1.2.0.0 devices implement an incomplete factory-reset process.
network
low complexity
fortinet CWE-212
8.8
8.8
2019-07-08 CVE-2019-13401 Cross-Site Request Forgery (CSRF) vulnerability in Fortinet Fcm-Mb40 Firmware 1.2.0.0
Dynacolor FCM-MB40 v1.2.0.0 devices have CSRF in all scripts under cgi-bin/.
network
low complexity
fortinet CWE-352
8.8
8.8
2019-07-08 CVE-2019-13400 Insufficiently Protected Credentials vulnerability in Fortinet Fcm-Mb40 Firmware 1.2.0.0
Dynacolor FCM-MB40 v1.2.0.0 use /etc/appWeb/appweb.pass to store administrative web-interface credentials in cleartext.
network
low complexity
fortinet CWE-522
critical
 9.8
9.8
2019-07-08 CVE-2019-13399 Use of Hard-coded Credentials vulnerability in Fortinet Fcm-Mb40 Firmware 1.2.0.0
Dynacolor FCM-MB40 v1.2.0.0 devices have a hard-coded SSL/TLS key that is used during an administrator's SSL conversation.
network
high complexity
fortinet CWE-798
5.9
5.9
2019-07-08 CVE-2019-13398 OS Command Injection vulnerability in Fortinet Fcm-Mb40 Firmware 1.2.0.0
Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrl_save_profile.cgi (save parameter) and cgi-bin/ddns.cgi.
network
low complexity
fortinet CWE-78
7.2
7.2