Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-12776

Опубликовано: 07 июн. 2019
Источник: nvd
CVSS3: 9.8
CVSS2: 10
EPSS Низкий

Описание

An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocate_revB scripts copies the hardcoded key to the root user's authorized_keys file, enabling anyone with the associated private key to gain remote root access to all affected products.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:enttec:datagate_mk2_firmware:70044:05032019-482:*:*:*:*:*:*
cpe:2.3:h:enttec:datagate_mk2:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:enttec:storm_24_firmware:70044:05032019-482:*:*:*:*:*:*
cpe:2.3:h:enttec:storm_24:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:enttec:pixelator_firmware:70044:05032019-482:*:*:*:*:*:*
cpe:2.3:h:enttec:pixelator:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:o:enttec:e-streamer_mk2_firmware:70044:05032019-482:*:*:*:*:*:*
cpe:2.3:h:enttec:e-streamer_mk2:-:*:*:*:*:*:*:*

EPSS

Процентиль: 77%
0.01044
Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-798

Связанные уязвимости

github логотип

GHSA-4fhr-7v46-9fwm

CVSS3: 9.8
github
больше 3 лет назад

An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocate_revB scripts copies the hardcoded key to the root user's authorized_keys file, enabling anyone with the associated private key to gain remote root access to all affected products.

EPSS

Процентиль: 77%
0.01044
Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-798