An authentication bypass vulnerability in Teracue ENC-400 devices with firmware 2.56 and belo
Reporter | Title | Published | Views | Family All 8 |
---|---|---|---|---|
![]() | CVE-2018-20219 | 21 Mar 201916:00 | – | nvd |
![]() | CVE-2018-20219 | 22 May 202512:59 | – | redhatcve |
![]() | Authentication flaw | 21 Mar 201916:00 | – | prion |
![]() | CVE-2018-20219 | 17 Mar 201920:47 | – | cvelist |
![]() | Teracue ENC-400 - Command Injection / Missing Authentication | 22 Feb 201900:00 | – | exploitdb |
![]() | Teracue ENC-400 Command Injection / Missing Authentication Vulnerabilities | 21 Feb 201900:00 | – | zdt |
![]() | Teracue ENC-400 Command Injection / Missing Authentication | 20 Feb 201900:00 | – | packetstorm |
![]() | Teracue ENC-400 - Command Injection Missing Authentication | 22 Feb 201900:00 | – | exploitpack |
Source | Link |
---|---|
packetstormsecurity | www.packetstormsecurity.com/files/151802/Teracue-ENC-400-Command-Injection-Missing-Authentication.html |
zxsecurity | www.zxsecurity.co.nz/research.html |
seclists | www.seclists.org/fulldisclosure/2019/Feb/48 |
Parameter | Position | Path | Description | CWE |
---|---|---|---|---|
AuthByPasswdENC400 | header | /usr/share/www/check.lp | Hard-coded authentication token allows access to web administration panel without a valid password. | CWE-798 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo