CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-12776

An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocate_revB scripts copies the hardcoded key to the root user's authorized_keys file, enabling anyone with the associated private key to gain remote root access to all affected products.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.01

EPSS Ranking 76.5%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

Products affected by CVE-2019-12776

Enttec » Datagate Mk2 » Version: N/A

cpe:2.3:h:enttec:datagate_mk2:-
Enttec » E-Streamer Mk2 » Version: N/A

cpe:2.3:h:enttec:e-streamer_mk2:-
Enttec » Pixelator » Version: N/A

cpe:2.3:h:enttec:pixelator:-
Enttec » Storm 24 » Version: N/A

cpe:2.3:h:enttec:storm_24:-
Enttec » Datagate Mk2 Firmware » Version: 70044

cpe:2.3:o:enttec:datagate_mk2_firmware:70044
Enttec » E-Streamer Mk2 Firmware » Version: 70044

cpe:2.3:o:enttec:e-streamer_mk2_firmware:70044
Enttec » Pixelator Firmware » Version: 70044

cpe:2.3:o:enttec:pixelator_firmware:70044
Enttec » Storm 24 Firmware » Version: 70044

cpe:2.3:o:enttec:storm_24_firmware:70044

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-12776

Products

Pricing

Contact Us