Lucene search
PRIOn knowledge basePRION:CVE-2019-12776HistoryJun 07, 2019 - 4:29 p.m.
Hardcoded credentials
2019-06-0716:29:00
PRIOn knowledge base
www.prio-n.com
4
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocate_revB scripts copies the hardcoded key to the root user’s authorized_keys file, enabling anyone with the associated private key to gain remote root access to all affected products.
| CPE | Name | Operator | Version |
|---|---|---|---|
| datagate_mk2_firmware | eq | 70044 | |
| e-streamer_mk2_firmware | eq | 70044 | |
| pixelator_firmware | eq | 70044 | |
| storm_24_firmware | eq | 70044 |
References
Related
nvd
nvd
CVE-2019-12776
2019-06-07 16:29:00
cve
cve
CVE-2019-12776
2019-06-07 16:29:00
cvelist
cvelist
CVE-2019-12776
2019-06-07 15:06:30
ics
ics
ENTTEC Lighting Controllers (Update A)
2020-09-15 12:00:00