CVE-2019-13398

Name of the Vulnerable Software and Affected Versions Dynacolor FCM-MB40 version 1.2.0.0

Description The issue allows remote attackers to execute arbitrary commands by providing a crafted parameter to a CGI script. This can be achieved through sed injection in the cgi-bin/camctrl save profile.cgi endpoint, specifically the save parameter, as well as in the cgi-bin/ddns.cgi endpoint.

Recommendations For Dynacolor FCM-MB40 version 1.2.0.0, consider restricting access to the cgi-bin/camctrl save profile.cgi and cgi-bin/ddns.cgi endpoints to minimize the risk of exploitation. Avoid using the save parameter in the cgi-bin/camctrl save profile.cgi endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.