CVE-2019-12776
CRITICALENTTEC Datagate MK2, Storm 24, Pixelator, E-Streamer MK2 Firmware 70044 - Hard-coded Credentials
Title source: llmDescription
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocate_revB scripts copies the hardcoded key to the root user's authorized_keys file, enabling anyone with the associated private key to gain remote root access to all affected products.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.mogozobo.com/?p=3476
Scores
CVSS v3
9.8
EPSS
0.0202
EPSS Percentile
78.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (4)
enttec/datagate_mk2_firmware
70044 05032019-482
enttec/e-streamer_mk2_firmware
70044 05032019-482
enttec/pixelator_firmware
70044 05032019-482
enttec/storm_24_firmware
70044 05032019-482
Published
Jun 07, 2019
Tracked Since
Feb 18, 2026