14 matches found
CVE-2019-12774
A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044update05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description...
CVE-2019-12775
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044update05032019-482. They allow high-privileged root access by www-data via sudo without requiring appropriate access control. Furthermore, the user account that controls the web...
CVE-2019-12777
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044update05032019-482. They replace secure and protected directory permissions set as default by the underlying operating system with highly insecure read, write, and execute directory...
EUVD-2019-4358
Malware in sbrugna...
ENTTEC Datagate Mk2 Cross-Site Scripting Vulnerability
The ENTTEC Datagate MK2 is a lighting controller from ENTTEC Australia. A cross-site scripting vulnerability exists in the Web Configuration feature in the ENTTEC Datagate Mk2 70044update05032019-482 release. The vulnerability stems from the WEB application lacking proper validation of client dat...
Cross site scripting
A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044update05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description...
CVE-2019-12774
A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044update05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description...
CVE-2019-12776
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044update05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocaterevB scripts copies the hardcoded key to...
CVE-2019-12775
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044update05032019-482. They allow high-privileged root access by www-data via sudo without requiring appropriate access control. Furthermore, the user account that controls the web...
CVE-2019-12774
CVE-2019-12774 is a stored XSS vulnerability in ENTTEC Datagate Mk2 Web Configuration (70044_update_05032019-482). The issue allows an unauthenticated attacker to inject code via fields such as Profile Description in the Profile Editor. Affected product line includes Datagate Mk2 (and related dev...
CVE-2019-12774
A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044update05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description...
CVE-2019-6542
ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to 70044,70050,70060update05032019-482 allows an unauthenticated user to initiate a remote reboot, which may be used to cause a denial of service condition...
Race condition
ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to 70044,70050,70060update05032019-482 allows an unauthenticated user to initiate a remote reboot, which may be used to cause a denial of service condition...
PT-2019-18154 · Enttec · Enttec Pixelator +2
Name of the Vulnerable Software and Affected Versions: ENTTEC Datagate MK2 versions prior to 70044 ENTTEC Storm 24 versions prior to 70050 ENTTEC Pixelator versions prior to 70060 Description: The issue allows an unauthenticated user to initiate a remote reboot, which may be used to cause a denia...