Fortinet FortiCam FCM-MB40 – Multiple Vulnerabilities
In March of 2019 Aaron Blair (Cyber Security Analyst, RIOT Solutions) discovered five vulnerabilities in Fortinet’s FortiCam FCM-MB40 product.
The FortiCam FCM-MB40 software version in which he found these vulnerabilities was the latest available at the time (and, at the time of posting this, still is): v220.127.116.11.
Since discovering these vulnerabilities, he has been unable to obtain a Q2-H that is not branded as Fortinet, so he cannot confirm whether the vulnerabilities below also apply directly to the Q2-H device. That said, he is reasonably confident that the majority of them also affect the Q2-H.
As of the date of publication (2019-06-19), no fix for these issues has been released or announced by Fortinet or Dynacolor.
All five of these vulnerabilities are currently pending CVE assignment, and this page will be updated when they have been assigned.
The second (2), CVE-TBA-2, is a cross-site request forgery (CSRF) vulnerability: an attacker can trick a browser that is logged in as the "admin" user into sending forged requests, which can reconfigure the FortiCam in any way the "admin" user is able to from the web interface.
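To illustrate the CSRF class described above, the following Python is an added example (not code from the advisory, Aaron's blog, or Fortinet/Dynacolor): it models a camera admin configuration handler that trusts the session cookie alone, beside a hardened version that checks the request's Origin/Referer against the device's own origin and requires a per-session synchronizer token. The endpoint, the device address and the configuration keys are assumed.

```python
# Added example (assumed names/values): a CSRF-vulnerable admin handler beside a hardened one.
import hmac
import secrets
from urllib.parse import urlsplit

DEVICE_ORIGIN = "https://192.0.2.10"  # assumed camera address (RFC 5737 documentation range)
SESSIONS = {}                          # sid cookie -> {"user", "csrf"}; in-memory stand-in store

def new_session(user):
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_hex(16)}
    return sid

def _same_origin(url):
    """Compare scheme and host:port, not a string prefix, so 'https://192.0.2.10.evil' fails."""
    p, d = urlsplit(url), urlsplit(DEVICE_ORIGIN)
    return (p.scheme, p.netloc) == (d.scheme, d.netloc)

def vulnerable_set_config(cookies, headers, form, config):
    """Trusts the session cookie alone. The browser attaches it to any request,
    including one a third-party page triggers, so forged requests are honoured."""
    sess = SESSIONS.get(cookies.get("sid"))
    if sess is None or sess["user"] != "admin":
        return 401
    config.update(form)
    return 200

def hardened_set_config(cookies, headers, form, config):
    """Same check, plus the request must come from the device's own origin (fail closed
    if neither Origin nor Referer is sent) and echo the session's CSRF token."""
    sess = SESSIONS.get(cookies.get("sid"))
    if sess is None or sess["user"] != "admin":
        return 401
    if not _same_origin(headers.get("Origin") or headers.get("Referer") or ""):
        return 403                                   # cross-site request
    if not hmac.compare_digest(form.get("csrf_token", ""), sess["csrf"]):
        return 403                                   # token unreadable cross-site, so absent/wrong
    config.update({k: v for k, v in form.items() if k != "csrf_token"})
    return 200

def demo():
    sid = new_session("admin")
    cookies = {"sid": sid}                             # sent automatically by the browser
    forged = ({"Origin": "https://attacker.example"}, {"ntp_server": "evil.example"})
    legit = ({"Origin": DEVICE_ORIGIN}, {"ntp_server": "time.example", "csrf_token": SESSIONS[sid]["csrf"]})
    vuln_cfg, hard_cfg = {}, {}
    r1 = vulnerable_set_config(cookies, *forged, vuln_cfg)  # 200: forged change applied
    r2 = hardened_set_config(cookies, *forged, hard_cfg)    # 403: Origin mismatch
    r3 = hardened_set_config(cookies, *legit, hard_cfg)     # 200: genuine admin action
    return r1, r2, r3, vuln_cfg.get("ntp_server"), hard_cfg.get("ntp_server")
```

Setting the session cookie with `SameSite=Lax` or `Strict` adds a browser-side layer, but the server-side checks above are what a device firmware can enforce regardless of client.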
More information and detail on the five vulnerabilities can be found in Aaron's blog at https://xor.cat/2019/06/19/fortinet-forticam-vulns/