VYPR

Datagate Mk2

by Enttec

CVEs (5)

  • CVE-2019-12776CriJun 7, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocate_revB scripts copies…

  • CVE-2019-12775HigJun 7, 2019
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They allow high-privileged root access by www-data via sudo without requiring appropriate access control. (Furthermore, the user account that…

  • CVE-2019-12777HigJun 7, 2019
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They replace secure and protected directory permissions (set as default by the underlying operating system) with highly insecure read, write, and…

  • CVE-2019-6542HigMar 28, 2019
    risk 0.49cvss 7.5epss 0.02

    ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to (70044,70050,70060)_update_05032019-482 allows an unauthenticated user to initiate a remote reboot, which may be used to cause a denial of service condition.

  • CVE-2019-12774MedJun 7, 2019
    risk 0.40cvss 6.1epss 0.01

    A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044_update_05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the…