Lucene search
PRIOn knowledge basePRION:CVE-2018-20218HistoryMar 21, 2019 - 4:00 p.m.
Command injection
2019-03-2116:00:00
PRIOn knowledge base
www.prio-n.com
6
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the “password” parameter in the login form.
| CPE | Name | Operator | Version |
|---|---|---|---|
| enc-400_hdmi2_firmware | le | 2.56 | |
| enc-400_hdmi_firmware | le | 2.56 | |
| enc-400_hdsdi_firmware | le | 2.56 |
Related
cvelist
cvelist
CVE-2018-20218
2019-03-17 20:41:55
nvd
nvd
CVE-2018-20218
2019-03-21 16:00:35
cve
cve
CVE-2018-20218
2019-03-21 16:00:35
packetstorm
packetstorm
Teracue ENC-400 Command Injection / Missing Authentication
2019-02-20 00:00:00
exploitpack
exploitpack
Teracue ENC-400 - Command Injection Missing Authentication
2019-02-22 00:00:00
exploitdb
exploitdb
Teracue ENC-400 - Command Injection / Missing Authentication
2019-02-22 00:00:00