Incomplete Factory-Reset Process Allows Persistence of Backdoor on Dynacolor FCM-MB40 v1.2.0.0 Devices
CVE-2019-13402 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:P
/usr/sbin/default.sh and /usr/apache/htdocs/cgi-bin/admin/hardfactorydefault.cgi on Dynacolor FCM-MB40 v1.2.0.0 devices implement an incomplete factory-reset process. A backdoor can persist because neither system accounts nor the set of services is reset.
Learn more about our Cis Benchmark Audit For Apache Http Server.