CVE-2019-13398

CWE-78 — OS Command Injection3 documents3 sources

Severity

7.2HIGH

EPSS

3.2%

top 13.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fcm-mb40 Firmware

Timeline

PublishedJul 8

Latest updateMay 24

Description

Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrl_save_profile.cgi (save parameter) and cgi-bin/ddns.cgi.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

▶NVDfortinet/fcm-mb40_firmware1.2.0.0

🔴Vulnerability Details

GHSA

GHSA-xg6r-4v3x-wfq6: Dynacolor FCM-MB40 v1↗2022-05-24

▶

CVEList

CVE-2019-13398: Dynacolor FCM-MB40 v1↗2019-07-08

▶