Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

NVD
NVDadded 2019/03/21 4:0 p.m.15 views

CVE-2018-20219

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the devices web administration panel. This token is hard-coded to a string in the source code...

9.3CVSS8.3AI score0.42901EPSS
Exploits4References3
NVD
NVDadded 2019/03/21 4:0 p.m.12 views

CVE-2018-20220

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated,...

7.5CVSS7.6AI score0.43602EPSS
Exploits4References3
OSV
OSVadded 2019/03/21 4:0 p.m.2 views

CVE-2018-20219

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the devices web administration panel. This token is hard-coded to a string in the source code...

8.1CVSS5.8AI score0.42901EPSS
Exploits4References3
Prion
Prionadded 2019/03/21 4:0 p.m.16 views

Authentication flaw

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the devices web administration panel. This token is hard-coded to a string in the source code...

9.3CVSS8.7AI score0.42901EPSS
Exploits4References3Affected Software3
Prion
Prionadded 2019/03/21 4:0 p.m.11 views

Authentication flaw

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated,...

5CVSS8AI score0.43602EPSS
Exploits4References3Affected Software3
Prion
Prionadded 2019/03/21 4:0 p.m.18 views

Command injection

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter...

10CVSS9.7AI score0.30681EPSS
Exploits5References2Affected Software3
Cvelist
Cvelistadded 2019/03/17 8:41 p.m.15 views

CVE-2018-20218

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter...

9.8AI score0.30681EPSS
Exploits5References2
CVE
CVEadded 2019/03/17 8:41 p.m.72 views

CVE-2018-20218

Summary (CVE-2018-20218): Teracue ENC-400 devices running firmware 2.56 or below are affected by a command-injection vulnerability in the login form. The issue arises because the login input is passed directly to a shell command in /usr/share/www/check.lp without escaping or validation, enabling ...

10CVSS9.7AI score0.30681EPSS
Exploits5References2Affected Software1
Rows per page
Query Builder