Lucene search

CVE-2018-20219

🗓️ 21 Mar 2019 16:35:00Reported by mitreType

cve🔗 web.nvd.nist.gov👁 65 Views🌐 WEB

An authentication bypass vulnerability in Teracue ENC-400 devices with firmware 2.56 and belo

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
NVD	CVE-2018-20219	21 Mar 201916:00	–	nvd
RedhatCVE	CVE-2018-20219	22 May 202512:59	–	redhatcve
Prion	Authentication flaw	21 Mar 201916:00	–	prion
Cvelist	CVE-2018-20219	17 Mar 201920:47	–	cvelist
Exploit DB	Teracue ENC-400 - Command Injection / Missing Authentication	22 Feb 201900:00	–	exploitdb
0day.today	Teracue ENC-400 Command Injection / Missing Authentication Vulnerabilities	21 Feb 201900:00	–	zdt
Packet Storm	Teracue ENC-400 Command Injection / Missing Authentication	20 Feb 201900:00	–	packetstorm
exploitpack	Teracue ENC-400 - Command Injection Missing Authentication	22 Feb 201900:00	–	exploitpack

Nvd

Node

teracue enc-400_hdmi_firmwareRange≤2.56

AND

teracue enc-400_hdmiMatch-

Node

teracue enc-400_hdmi2_firmwareRange≤2.56

AND

teracue enc-400_hdmi2Match-

Node

teracue enc-400_hdsdi_firmwareRange≤2.56

AND

teracue enc-400_hdsdiMatch-

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/151802/Teracue-ENC-400-Command-Injection-Missing-Authentication.html
zxsecurity	www.zxsecurity.co.nz/research.html
seclists	www.seclists.org/fulldisclosure/2019/Feb/48

Parameter	Position	Path	Description	CWE
AuthByPasswdENC400	header	/usr/share/www/check.lp	Hard-coded authentication token allows access to web administration panel without a valid password.	CWE-798

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

21 Mar 2019 16:00Current

9.1High risk

Vulners AI Score9.1

CVSS29.3

CVSS38.1

EPSS0.44151

CWE-798