ENTTEC Lighting Controllers Vulnerability [CVE-2019-6542]

Successful exploitation of this vulnerability could reboot this device allowing a continual denial of service condition.

CVE-2019-6542 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

AFFECTED PRODUCTS

ENTTEC reports that the vulnerability affects the following products and versions:

  • Datagate MK2 all firmware prior to 70044_update_05032019-482,
  • Storm 24 all firmware prior to 70050_update_05032019-482, and
  • Pixelator all firmware prior to 70060_update_05032019-482

MITIGATIONS

ENTTEC recommends users upgrade to the March 2019 revB firmware or later which can be downloaded from the following links:

Datagate MK2 70044_update_05032019-482:

https://www.enttec.com/product/controls/dmx-ethernet-lighting-control/advanced-lighting-data-control/

Storm 24 70050_update_05032019-482:

https://www.enttec.com/product/controls/dmx-ethernet-lighting-control/ethernet-to-dmx-converter/

Pixelator 70060_update_05032019-482:

https://www.enttec.com/product/controls/addressable-led-pixel-control/24-port-ethernet-pixel-controller/

Jason Davies

UK based technology professional, with an interest in computer security and telecoms.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: