Lucene search
PRIOn knowledge basePRION:CVE-2018-20219HistoryMar 21, 2019 - 4:00 p.m.
Authentication flaw
2019-03-2116:00:00
PRIOn knowledge base
www.prio-n.com
1
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the devices web administration panel. This token is hard-coded to a string in the source code (/usr/share/www/check.lp file). By setting this cookie in a browser, an attacker is able to maintain access to every ENC-400 device without knowing the password, which results in authentication bypass. Even if a user changes the password on the device, this token is static and unchanged.
| CPE | Name | Operator | Version |
|---|---|---|---|
| enc-400_hdmi2_firmware | le | 2.56 | |
| enc-400_hdmi_firmware | le | 2.56 | |
| enc-400_hdsdi_firmware | le | 2.56 |
Related
cve
cve
CVE-2018-20219
2019-03-21 16:00:35
cvelist
cvelist
CVE-2018-20219
2019-03-17 20:47:53
nvd
nvd
CVE-2018-20219
2019-03-21 16:00:35
zdt
zdt
Teracue ENC-400 Command Injection / Missing Authentication Vulnerabilities
2019-02-21 00:00:00
packetstorm
packetstorm
Teracue ENC-400 Command Injection / Missing Authentication
2019-02-20 00:00:00
exploitpack
exploitpack
Teracue ENC-400 - Command Injection Missing Authentication
2019-02-22 00:00:00
exploitdb
exploitdb
Teracue ENC-400 - Command Injection / Missing Authentication
2019-02-22 00:00:00