ENTTEC Pixelator Firmware 70044 05032019-482
cpe:2.3:o:enttec:pixelator_firmware:70044:05032019-482:*:*:*:*:*:*
part: o version: 70044 update: 05032019-482
| Vendor | Enttec (aa1e08a6-fe8f-539f-babe-53fa3e173d2f) |
|---|---|
| Product | Pixelator Firmware (c1e817ed-4bc2-55c3-986c-8269b9da5e1f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2019-12777 | vulnerable | 2026-06-08 05:12:40.473848 | An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They replace secure and protected directory permissions (set as default by the underlying operating system) with highly insecure read, write, and execute directory permissions for all users. By default, /usr/local and all of its subdirectories should have permissions set to only allow non-privileged users to read and execute from the tree structure, and to deny users from creating or editing files in this location. The ENTTEC firmware startup script permits all users to read, write, and execute (rwxrwxrwx) from the /usr, /usr/local, /usr/local/dmxis, and /usr/local/bin/ directories. Published: 2019-06-07T15:06:42.000Z; Updated: 2024-08-04T23:32:55.207Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-12776 | vulnerable | 2026-06-08 05:12:40.473271 | An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocate_revB scripts copies the hardcoded key to the root user's authorized_keys file, enabling anyone with the associated private key to gain remote root access to all affected products. Published: 2019-06-07T15:06:30.000Z; Updated: 2024-08-04T23:32:54.676Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-12775 | vulnerable | 2026-06-08 05:12:40.472647 | An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They allow high-privileged root access by www-data via sudo without requiring appropriate access control. (Furthermore, the user account that controls the web application service is granted full access to run any system commands with elevated privilege, without the need for password authentication. Should vulnerabilities be identified and exploited within the web application, it may be possible for a threat actor to create or run high-privileged binaries or executables that are available within the operating system of the device.) Published: 2019-06-07T15:06:21.000Z; Updated: 2024-08-04T23:32:54.829Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2019-12774 | vulnerable | 2026-06-08 05:12:40.470325 | A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044_update_05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description field in JSON data to the Profile Editor. Published: 2019-06-07T15:06:04.000Z; Updated: 2024-08-04T23:32:54.840Z | Imported from gcve-enriched-dumps CVE data |