
CVE-2018-20218

Published: 21/03/2019 Updated: 03/10/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

An issue exists on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command, without any kind of escaping or validation, in the /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter in the login form.

Vulnerable Product

teracue enc-400_hdmi_firmware

teracue enc-400_hdmi2_firmware

teracue enc-400_hdsdi_firmware

Exploits

Introduction
============

Multiple vulnerabilities were identified within the Teracue ENC-400, including pre-authenticated remote code authentication. While the vendor has released updated firmware after these issues were identified, they are not all resolved with the latest version of the firmware.

Product
=======

The Teracue ENC-400 is accessi ...
Teracue ENC-400 suffers from hard-coded credential, missing authentication, and command injection vulnerabilities ...