Incomplete Factory-Reset Process Allows Persistence of Backdoor on Dynacolor FCM-MB40 v1.2.0.0 Devices

Incomplete Factory-Reset Process Allows Persistence of Backdoor on Dynacolor FCM-MB40 v1.2.0.0 Devices

CVE-2019-13402 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

/usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v1.2.0.0 devices implement an incomplete factory-reset process. A backdoor can persist because neither system accounts nor the set of services is reset.

Learn more about our Cis Benchmark Audit For Apache Http Server.