ID

VAR-201906-0584


CVE

CVE-2019-12776


TITLE

Vulnerabilities related to the use of hard-coded credentials in multiple ENTTEC products

Trust: 0.8

sources: JVNDB: JVNDB-2019-005345

DESCRIPTION

An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocate_revB scripts copies the hard-coded key to the root user's authorized_keys file, enabling anyone with the associated private key to gain remote root access to all affected products. Multiple ENTTEC products contain a vulnerability related to the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). ENTTEC Datagate MK2 and the other listed devices are all products of the Australian company ENTTEC. ENTTEC Datagate MK2 is a lighting controller. ENTTEC Storm 24 is an Ethernet to DMX512 converter. ENTTEC Pixelator is a pixel controller. Several ENTTEC products have trust management vulnerabilities. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords, hard-coded passwords, hard-coded certificates, etc. to attack affected components.

Trust: 1.8

sources: NVD: CVE-2019-12776 // JVNDB: JVNDB-2019-005345 // VULHUB: VHN-144556 // VULMON: CVE-2019-12776

AFFECTED PRODUCTS

vendor: enttec // model: storm 24 // scope: eq // version: 70044

Trust: 1.0

vendor: enttec // model: pixelator // scope: eq // version: 70044

Trust: 1.0

vendor: enttec // model: e-streamer mk2 // scope: eq // version: 70044

Trust: 1.0

vendor: enttec // model: datagate mk2 // scope: eq // version: 70044

Trust: 1.0

vendor: enttec // model: datagate mk2 // scope: eq // version: 70044_update_05032019-482

Trust: 0.8

vendor: enttec // model: e-streamer mk2 // scope: eq // version: 70044_update_05032019-482

Trust: 0.8

vendor: enttec // model: pixelator // scope: eq // version: 70044_update_05032019-482

Trust: 0.8

vendor: enttec // model: storm 24 // scope: eq // version: 70044_update_05032019-482

Trust: 0.8

sources: JVNDB: JVNDB-2019-005345 // NVD: CVE-2019-12776

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12776
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-12776
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201906-302
value: CRITICAL

Trust: 0.6

VULHUB: VHN-144556
value: HIGH

Trust: 0.1

VULMON: CVE-2019-12776
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-12776
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-144556
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12776
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-144556 // VULMON: CVE-2019-12776 // JVNDB: JVNDB-2019-005345 // CNNVD: CNNVD-201906-302 // NVD: CVE-2019-12776

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-144556 // JVNDB: JVNDB-2019-005345 // NVD: CVE-2019-12776

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-302

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201906-302

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005345

PATCH

title: Datagate MK2 // url: https://www.enttec.com/product/controls/dmx-ethernet-lighting-control/advanced-lighting-data-control/

Trust: 0.8

title: Pixelator // url: https://www.enttec.com.au/product/controls/addressable-led-pixel-control/ethernet-to-pixel-converter/

Trust: 0.8

title: Storm 24 // url: https://www.enttec.com.au/product/network-and-distribution/dmx512-conversion/ethernet-to-dmx-converter/

Trust: 0.8

title: E-Streamer Mk2 // url: https://www.enttec.com.au/product/playback/lighting-show-recorder/advanced-show-recorder/

Trust: 0.8

sources: JVNDB: JVNDB-2019-005345

EXTERNAL IDS

db: NVD // id: CVE-2019-12776

Trust: 2.6

db: JVNDB // id: JVNDB-2019-005345

Trust: 0.8

db: CNNVD // id: CNNVD-201906-302

Trust: 0.7

db: ICS CERT // id: ICSA-20-177-01

Trust: 0.6

db: AUSCERT // id: ESB-2020.2211

Trust: 0.6

db: VULHUB // id: VHN-144556

Trust: 0.1

db: VULMON // id: CVE-2019-12776

Trust: 0.1

sources: VULHUB: VHN-144556 // VULMON: CVE-2019-12776 // JVNDB: JVNDB-2019-005345 // CNNVD: CNNVD-201906-302 // NVD: CVE-2019-12776

REFERENCES

url:https://www.mogozobo.com/?p=3476

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-12776

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12776

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-20-177-01

Trust: 0.6

url:https://www.us-cert.gov/ics/advisories/icsa-20-177-01

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2211/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/798.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-144556 // VULMON: CVE-2019-12776 // JVNDB: JVNDB-2019-005345 // CNNVD: CNNVD-201906-302 // NVD: CVE-2019-12776

SOURCES

db: VULHUB // id: VHN-144556
db: VULMON // id: CVE-2019-12776
db: JVNDB // id: JVNDB-2019-005345
db: CNNVD // id: CNNVD-201906-302
db: NVD // id: CVE-2019-12776

LAST UPDATE DATE

2024-11-23T22:06:10.969000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-144556 // date: 2019-06-10T00:00:00
db: VULMON // id: CVE-2019-12776 // date: 2019-06-10T00:00:00
db: JVNDB // id: JVNDB-2019-005345 // date: 2019-06-19T00:00:00
db: CNNVD // id: CNNVD-201906-302 // date: 2020-09-16T00:00:00
db: NVD // id: CVE-2019-12776 // date: 2024-11-21T04:23:33.287

SOURCES RELEASE DATE

db: VULHUB // id: VHN-144556 // date: 2019-06-07T00:00:00
db: VULMON // id: CVE-2019-12776 // date: 2019-06-07T00:00:00
db: JVNDB // id: JVNDB-2019-005345 // date: 2019-06-19T00:00:00
db: CNNVD // id: CNNVD-201906-302 // date: 2019-06-07T00:00:00
db: NVD // id: CVE-2019-12776 // date: 2019-06-07T16:29:00.673