ENTTEC recommends users upgrade to a new firmware version to mitigate a missing authentication for critical function vulnerability in its Datagate MK2, Storm 24, and Pixelator products, according to a report with NCCIC.
Successful exploitation of this remotely exploitable vulnerability, discovered by Ankit Anubhav of NewSky Security, could reboot the affected device, allowing a continual denial-of-service condition.
ENTTEC reports the vulnerability affects the following products and versions:
• Datagate MK2 all firmware prior to 70044_update_05032019-482
• Storm 24 all firmware prior to 70050_update_05032019-482
• Pixelator all firmware prior to 70060_update_05032019-482
An unauthenticated user can initiate a remote reboot, which may be used to cause a denial of service condition.
CVE-2019-6542 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.
The products mainly see use in the commercial facilities sector and are deployed on a global basis.
No known public exploits specifically target this vulnerability. An attacker with a low skill level could leverage the vulnerability.
Australia-based ENTTEC recommends users upgrade to the March 2019 revB firmware or later, which can be downloaded from the following links:
• Datagate MK2 70044_update_05032019-482
• Storm 24 70050_update_05032019-482
• Pixelator 70060_update_05032019-482