An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated, and some of these pages may disclose sensitive information.
CPE | Name | Operator | Version |
---|---|---|---|
enc-400_hdmi2_firmware | le | 2.56 | |
enc-400_hdmi_firmware | le | 2.56 | |
enc-400_hdsdi_firmware | le | 2.56 |