CVE-2019-12776
Published 2019-06-07
Priority P2 64 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.02% (78.5th percentile)
An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocate_revB scripts copies the hardcoded key to the root user's authorized_keys file, enabling anyone with the associated private key to gain remote root access to all affected products.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| enttec | datagate_mk2_firmware | — | — |
| enttec | e-streamer_mk2_firmware | — | — |
| enttec | pixelator_firmware | — | — |
| enttec | storm_24_firmware | — | — |
Detection & IOCs
- Detect unauthorized SSH/SCP access attempts to affected ENTTEC devices as the root user, which may indicate use of the hard-coded backdoor private key
- Monitor execution of the 'relocate' and 'relocate_revB' scripts on ENTTEC devices, as these copy the hard-coded key into root's authorized_keys file
- Inspect /root/.ssh/authorized_keys on affected ENTTEC devices for the presence of the hard-coded public key introduced by the relocate/relocate_revB scripts
- Vulnerability affects firmware version 70044_update_05032019-482 and prior on ENTTEC Datagate Mk2, Storm 24, Pixelator, and E-Streamer Mk2; devices on this firmware should be treated as fully compromised from a remote root SSH perspective
- The hard-coded SSH key grants root-level SCP access in addition to interactive SSH, meaning file exfiltration and upload to/from the device is also possible without authentication beyond possession of the private key
- Public exploits are available for this vulnerability, lowering the bar for exploitation significantly
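An added example (not part of the advisory or of any vendor tooling) for the authorized_keys and relocate-script checks listed above: it fingerprints every key in an authorized_keys file, reports those missing from an operator-maintained allowlist, and lists script lines that reference authorized_keys. The page does not publish the hard-coded key, so the check is allowlist-based; the function names, sample key blobs and sample script are constructed for illustration.

```python
import base64, binascii, hashlib

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")

def fingerprint(b64_blob):
    """SHA256 fingerprint in the form OpenSSH prints (base64, no padding)."""
    digest = hashlib.sha256(base64.b64decode(b64_blob, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Return (key_type, fingerprint, comment) per key line; options are skipped."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # The key type may follow an options field, so locate it by prefix.
        for i, field in enumerate(fields[:-1]):
            if field.startswith(KEY_TYPES):
                try:
                    fp = fingerprint(fields[i + 1])
                except (binascii.Error, ValueError):
                    fp = "UNPARSEABLE"  # still reported: a damaged entry needs review
                entries.append((field, fp, " ".join(fields[i + 2:])))
                break
    return entries

def unapproved_keys(text, approved):
    """Keys whose fingerprint is not on the operator's allowlist."""
    return [e for e in parse_authorized_keys(text) if e[1] not in approved]

def lines_touching_authorized_keys(script_text):
    """(line number, line) pairs in a script that reference authorized_keys."""
    return [(n, l.strip()) for n, l in enumerate(script_text.splitlines(), 1)
            if "authorized_keys" in l and not l.lstrip().startswith("#")]

# Constructed sample data: the blobs are stand-ins, not real keys.
ADMIN_BLOB = base64.b64encode(b"constructed admin key").decode()
OTHER_BLOB = base64.b64encode(b"constructed unknown key").decode()
SAMPLE_KEYS = f"# root keys\nssh-rsa {ADMIN_BLOB} admin@ops\nssh-rsa {OTHER_BLOB} unknown\n"
SAMPLE_SCRIPT = "#!/bin/sh\n# constructed script\ncat /tmp/key.pub >> /root/.ssh/authorized_keys\n"

if __name__ == "__main__":
    approved = {fingerprint(ADMIN_BLOB)}
    for key_type, fp, comment in unapproved_keys(SAMPLE_KEYS, approved):
        print("unapproved root key:", key_type, fp, comment)
    for n, line in lines_touching_authorized_keys(SAMPLE_SCRIPT):
        print(f"script line {n}: {line}")
```

Run it against a copy of /root/.ssh/authorized_keys and the relocate scripts pulled from the device or an unpacked firmware image, with the allowlist built from keys the operator installed.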
CVSS provenance
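| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |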
GHSA
GHSA-4fhr-7v46-9fwm: An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482
ghsa_unreviewed · 2022-05-24
CVE-2019-12776 [CRITICAL] CWE-798 GHSA-4fhr-7v46-9fwm: An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482
CISA ICS
ENTTEC Lighting Controllers (Update A)
cisa_ics · 2020-06-25 · CVSS 9.8
[CRITICAL] ENTTEC Lighting Controllers (Update A)
ICS Advisory
Last Revised: September 15, 2020
Alert Code: ICSA-20-177-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.8
- ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available
- Vendor: ENTTEC
- Equipment: Datagate Mk2, Storm 24, Pixelator, E-Streamer Mk2
- Vulnerabilities: Use of Hard-coded Cryptographic Key, Cross-site Scripting, Improper Access Control, Incorrect Permission Assignment for Critical Resource
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-20-177-01 ENTTEC Li
Published: 2019-06-07