5 matches found
CVE-2019-12775
CVE-2019-12775 affects ENTTEC Datagate Mk2, Storm 24, Pixelator (firmware 70044_update_05032019-482 and prior). The issue enables high-privileged root access via sudo for the www-data/web-app user without proper access control, potentially allowing execution of high-privilege binaries/assets pres...
CVE-2019-12777
CVE-2019-12777 affects ENTTEC Datagate Mk2, Storm 24, Pixelator, and E-Streamer Mk2 firmware 70044_update_05032019-482, where startup scripts replace secure directory permissions with permissive rwxrwxrwx on /usr, /usr/local, /usr/local/dmxis, and /usr/local/bin. This is an Incorrect Permission A...
CVE-2019-12774
CVE-2019-12774 is a stored XSS vulnerability in ENTTEC Datagate Mk2 Web Configuration (70044_update_05032019-482). The issue allows an unauthenticated attacker to inject code via fields such as Profile Description in the Profile Editor. Affected product line includes Datagate Mk2 (and related dev...
CVE-2019-12776
The CVE-2019-12776 issue affects ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482, where a hard-coded SSH key enables remote root access. Root cause: hard-coded cryptographic key enabling SSH/SCP access to root via relocate/relocate_revB scripts...
CVE-2019-6542
The CVE-2019-6542 entry affects ENTTEC Datagate MK2, Storm 24, and Pixelator. All firmware versions prior to 70044 (Datagate MK2), 70050 (Storm 24), and 70060 (Pixelator) are affected. The vulnerability is Missing Authentication for a Critical Function (CWE-306): an unauthenticated attacker can i...