3 matches found
CVE-2018-20218
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter...
CVE-2018-20218
Summary (CVE-2018-20218): Teracue ENC-400 devices running firmware 2.56 or below are affected by a command-injection vulnerability in the login form. The issue arises because the login input is passed directly to a shell command in /usr/share/www/check.lp without escaping or validation, enabling ...
Teracue ENC-400 Command Injection / Missing Authentication
Introduction ============ Multiple vulnerabilities were identified within the Teracue ENC-400, including pre-authenticated remote code authentication. While the vendor has released updated firmware after these issues were identified, they are not all resolved with the latest version of the...