Storm 24 Firmware@70044 Security Vulnerabilities and Issues — Storm 24 Firmware@70044 CVE List

Lucene search

EnttecStorm 24 Firmware70044

4 matches found

CVE•added 2019/06/07 4:29 p.m.•54 views

CVE-2019-12775

An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They allow high-privileged root access by www-data via sudo without requiring appropriate access control. (Furthermore, the user account that controls the web applica...

9CVSS8.9AI score0.00674EPSS

CVE•added 2019/06/07 4:29 p.m.•49 views

CVE-2019-12776

An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocate_revB scripts copies the hardcoded key to...

10CVSS9.6AI score0.01044EPSS

CVE•added 2019/06/07 4:29 p.m.•48 views

CVE-2019-12774

A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044_update_05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description f...

6.1CVSS6.3AI score0.00489EPSS

CVE•added 2019/06/07 4:29 p.m.•47 views

CVE-2019-12777

An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They replace secure and protected directory permissions (set as default by the underlying operating system) with highly insecure read, write, and execute directory pe...

7.8CVSS7.5AI score0.0003EPSS