cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2019-13402,https://securityvulnerability.io/vulnerability/CVE-2019-13402,Incomplete Factory Reset Vulnerability in Dynacolor FCM-MB40 Products,"The Dynacolor FCM-MB40 version 1.2.0.0 contains an incomplete implementation of the factory-reset process in its default.sh and hardfactorydefault.cgi scripts. This flaw allows a backdoor to persist through a reset, as the system accounts and services are not comprehensively restored to their default states. As a result, unauthorized access may be granted, posing significant risks to the security and privacy of users.",Fortinet,Fcm-mb40 Firmware,8.8,HIGH,0.0017900000093504786,false,,false,false,false,,,false,false,,2019-07-08T00:02:20.000Z,0
CVE-2019-13401,https://securityvulnerability.io/vulnerability/CVE-2019-13401,Cross-Site Request Forgery Vulnerability in Dynacolor FCM-MB40 Devices,"Dynacolor FCM-MB40 devices, particularly version 1.2.0.0, are susceptible to Cross-Site Request Forgery (CSRF) vulnerabilities. This flaw exists in all scripts located under the cgi-bin directory, which could allow attackers to execute unauthorized commands on behalf of users. Proper measures should be taken to secure these devices and mitigate the risks associated with potential CSRF attacks.",Fortinet,Fcm-mb40 Firmware,8.8,HIGH,0.004430000204592943,false,,false,false,false,,,false,false,,2019-07-08T00:02:12.000Z,0
CVE-2019-13400,https://securityvulnerability.io/vulnerability/CVE-2019-13400,Cleartext Credential Exposure in Dynacolor FCM-MB40 by Dynacolor,"The Dynacolor FCM-MB40 device version 1.2.0.0 exposes administrative web-interface credentials in cleartext within the configuration file located at /etc/appWeb/appweb.pass. This flaw allows malicious actors to easily retrieve sensitive credentials through the vulnerable CGI script at cgi-bin/getuserinfo.cgi?mode=info, potentially compromising the device’s security.",Fortinet,Fcm-mb40 Firmware,9.8,CRITICAL,0.01331000030040741,false,,false,false,false,,,false,false,,2019-07-08T00:02:05.000Z,0
CVE-2019-13399,https://securityvulnerability.io/vulnerability/CVE-2019-13399,Hard-Coded SSL/TLS Key Vulnerability in Dynacolor FCM-MB40 Devices,"The Dynacolor FCM-MB40 devices version 1.2.0.0 exhibit a significant security flaw due to the presence of a hard-coded SSL/TLS key. This vulnerability compromises the confidentiality of the secure communications between the administrators and the devices, as the key used for encryption is fixed and can be easily exploited by attackers. Exploitation of this vulnerability could allow unauthorized access or data interception during SSL conversations, raising serious concerns regarding the overall security and integrity of the device.",Fortinet,Fcm-mb40 Firmware,5.9,MEDIUM,0.006169999949634075,false,,false,false,false,,,false,false,,2019-07-08T00:01:53.000Z,0
CVE-2019-13398,https://securityvulnerability.io/vulnerability/CVE-2019-13398,Remote Command Execution Vulnerability in Dynacolor FCM-MB40 Products,"Dynacolor FCM-MB40 devices running version 1.2.0.0 are susceptible to a remote command execution vulnerability, allowing attackers to execute arbitrary commands through specially crafted parameters targeting specific CGI scripts. Key scripts affected include cgi-bin/camctrl_save_profile.cgi and cgi-bin/ddns.cgi, which can be manipulated via sed injection techniques. This vulnerability presents a significant risk, potentially compromising device integrity and security.",Fortinet,Fcm-mb40 Firmware,7.2,HIGH,0.0036899999249726534,false,,false,false,false,,,false,false,,2019-07-08T00:01:43.000Z,0