VYPR

E-Streamer MK2

by Enttec

CVEs (3)

  • CVE-2019-12776CriJun 7, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocate_revB scripts copies…

  • CVE-2019-12775HigJun 7, 2019
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They allow high-privileged root access by www-data via sudo without requiring appropriate access control. (Furthermore, the user account that…

  • CVE-2019-12777HigJun 7, 2019
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They replace secure and protected directory permissions (set as default by the underlying operating system) with highly insecure read, write, and…