Published: 21/03/2019 Updated: 24/08/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

An issue exists on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated, and some of these pages may disclose sensitive information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
teracue enc-400_hdmi_firmware
teracue enc-400_hdmi2_firmware
teracue enc-400_hdsdi_firmware

Introduction ============ Multiple vulnerabilities were identified within the Teracue ENC-400, including pre-authenticated remote code authentication While the vendor has released updated firmware after these issues were identified, they are not all resolved with the latest version of the firmware Product ======= The Teracue ENC-400 is accessi ...

Teracue ENC-400 suffers from hard-coded credential, missing authentication, and command injection vulnerabilities ...

CWE-306 https://zxsecurity.co.nz/research.html http://seclists.org/fulldisclosure/2019/Feb/48 http://packetstormsecurity.com/files/151802/Teracue-ENC-400-Command-Injection-Missing-Authentication.html https://nvd.nist.gov https://www.exploit-db.com/exploits/46451

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-20220

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect