CVE-2019-13402

Name of the Vulnerable Software and Affected Versions Dynacolor FCM-MB40 version 1.2.0.0

Description The issue concerns an incomplete factory-reset process implemented by /usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on the affected device. This incompleteness can lead to a backdoor persisting because system accounts and the set of services are not properly reset during the factory reset process.

Recommendations For Dynacolor FCM-MB40 version 1.2.0.0, as a temporary workaround, consider restricting access to the /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi endpoint until a proper fix is available. Additionally, manually review and reset system accounts and services to ensure a complete factory reset. At the moment, there is no information about a newer version that contains a fix for this vulnerability.