#VU29311 Improper access control in ENTTEC products - CVE-2019-12775
Published: June 26, 2020
Vulnerability identifier: #VU29311
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-12775
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Datagate Mk2
Storm 24
Pixelator
E-Streamer Mk2
Datagate Mk2
Storm 24
Pixelator
E-Streamer Mk2
Software vendor:
ENTTEC
ENTTEC
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to the affected products enable high privileged root access via sudo capability without requiring appropriate access control. A remote authenticated attacker can bypass implemented security restrictions and gain unauthorized access to the application.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.