10 matches found
CVE-2019-12775
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044update05032019-482. They allow high-privileged root access by www-data via sudo without requiring appropriate access control. Furthermore, the user account that controls the web...
ENTTEC Lighting Controllers (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: ENTTEC Equipment: Datagate Mk2, Storm 24, Pixelator, E-Streamer Mk2 Vulnerabilities: Use of Hard-coded Cryptographic Key, Cross-site Scripting, Improper Access Control...
CVE-2019-12774
A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044update05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description...
Cross site scripting
A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044update05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description...
CVE-2019-12774
A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044update05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description...
Authentication flaw
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044update05032019-482. They allow high-privileged root access by www-data via sudo without requiring appropriate access control. Furthermore, the user account that controls the web...
CVE-2019-12774
A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044update05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description...
Race condition
ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to 70044,70050,70060update05032019-482 allows an unauthenticated user to initiate a remote reboot, which may be used to cause a denial of service condition...
CVE-2019-6542
ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to 70044,70050,70060update05032019-482 allows an unauthenticated user to initiate a remote reboot, which may be used to cause a denial of service condition...
CVE-2019-6542
The CVE-2019-6542 entry affects ENTTEC Datagate MK2, Storm 24, and Pixelator. All firmware versions prior to 70044 (Datagate MK2), 70050 (Storm 24), and 70060 (Pixelator) are affected. The vulnerability is Missing Authentication for a Critical Function (CWE-306): an unauthenticated attacker can i...