4 matches found
CVE-2019-12775
CVE-2019-12775 affects ENTTEC Datagate Mk2, Storm 24, Pixelator (firmware 70044_update_05032019-482 and prior). The issue enables high-privileged root access via sudo for the www-data/web-app user without proper access control, potentially allowing execution of high-privilege binaries/assets pres...
CVE-2019-12774
CVE-2019-12774 is a stored XSS vulnerability in ENTTEC Datagate Mk2 Web Configuration (70044_update_05032019-482). The issue allows an unauthenticated attacker to inject code via fields such as Profile Description in the Profile Editor. Affected product line includes Datagate Mk2 (and related dev...
CVE-2019-12777
CVE-2019-12777 affects ENTTEC Datagate Mk2, Storm 24, Pixelator, and E-Streamer Mk2 firmware 70044_update_05032019-482, where startup scripts replace secure directory permissions with permissive rwxrwxrwx on /usr, /usr/local, /usr/local/dmxis, and /usr/local/bin. This is an Incorrect Permission A...
CVE-2019-12776
The CVE-2019-12776 issue affects ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482, where a hard-coded SSH key enables remote root access. Root cause: hard-coded cryptographic key enabling SSH/SCP access to root via relocate/relocate_revB scripts...