An issue exists on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter in the login form.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
teracue enc-400_hdmi_firmware |
||
teracue enc-400_hdmi2_firmware |
||
teracue enc-400_hdsdi_firmware |