Xorcat

**Name of the Vulnerable Software and Affected Versions** Dynacolor FCM-MB40 version 1.2.0.0 **Description** The issue allows remote attackers to execute arbitrary commands by providing a crafted parameter to a CGI script. This can be achieved through sed injection in the `cgi-bin/camctrl save profile.cgi` endpoint, specifically the `save` parameter, as well as in the `cgi-bin/ddns.cgi` endpoint. **Recommendations** For Dynacolor FCM-MB40 version 1.2.0.0, consider restricting access to the `cgi-bin/camctrl save profile.cgi` and `cgi-bin/ddns.cgi` endpoints to minimize the risk of exploitation. Avoid using the `save` parameter in the `cgi-bin/camctrl save profile.cgi` endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dynacolor FCM-MB40 version 1.2.0.0 **Description** The issue concerns a hard-coded SSL/TLS key used in administrator SSL conversations. **Recommendations** For Dynacolor FCM-MB40 version 1.2.0.0, consider changing the hard-coded SSL/TLS key to a unique key for each device to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** Dynacolor FCM-MB40 version 1.2.0.0 **Description** The issue concerns the storage of administrative web-interface credentials in cleartext. Specifically, the credentials are stored in the /etc/appWeb/appweb.pass file. An attacker can retrieve these credentials via the "cgi-bin/getuserinfo.cgi?mode=info" API endpoint. **Recommendations** For Dynacolor FCM-MB40 version 1.2.0.0, consider restricting access to the cgi-bin/getuserinfo.cgi API endpoint to minimize the risk of exploitation. As a temporary workaround, limit the use of the administrative web interface until a more secure method of credential storage is implemented.

**Name of the Vulnerable Software and Affected Versions** Dynacolor FCM-MB40 version 1.2.0.0 **Description** The issue concerns a CSRF problem present in all scripts under the cgi-bin/ directory. **Recommendations** For Dynacolor FCM-MB40 version 1.2.0.0, consider implementing proper CSRF protection mechanisms, such as token-based validation, to prevent cross-site request forgery attacks on scripts under the cgi-bin/ directory. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Dynacolor FCM-MB40 version 1.2.0.0 **Description** The issue concerns an incomplete factory-reset process implemented by `/usr/sbin/default.sh` and `/usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi` on the affected device. This incompleteness can lead to a backdoor persisting because system accounts and the set of services are not properly reset during the factory reset process. **Recommendations** For Dynacolor FCM-MB40 version 1.2.0.0, as a temporary workaround, consider restricting access to the `/usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi` endpoint until a proper fix is available. Additionally, manually review and reset system accounts and services to ensure a complete factory reset. At the moment, there is no information about a newer version that contains a fix for this vulnerability.