23 matches found
CVE-2018-20219
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the devices web administration panel. This token is hard-coded to a string in the source code...
CVE-2018-20220
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated,...
CVE-2018-20218
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter...
CVE-2018-20220
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated,...
CVE-2018-20219
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the devices web administration panel. This token is hard-coded to a string in the source code...
CVE-2018-20218
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter...
CVE-2018-20220
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated,...
CVE-2018-20218
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter...
CVE-2018-20219
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the devices web administration panel. This token is hard-coded to a string in the source code...
Authentication flaw
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the devices web administration panel. This token is hard-coded to a string in the source code...
Authentication flaw
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated,...
Command injection
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter...
CVE-2018-20220
Teracue ENC-400 devices with firmware 2.56 and below expose a set of pre-authentication HTTP endpoints lacking authentication, enabling an attacker to view pages before login and potentially disclose sensitive information. Red‑team sources and vulnerability trackers reference command injection an...
CVE-2018-20220
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated,...
CVE-2018-20219
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the devices web administration panel. This token is hard-coded to a string in the source code...
CVE-2018-20219
CVE-2018-20219 (Teracue ENC-400) affects firmware 2.56 and earlier. Public documents confirm an authentication bypass caused by a hard-coded cookie/token stored in /usr/share/www/check.lp that permits access to the web admin panel after login, enabling persistent access without a password. Even p...
CVE-2018-20218
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter...
CVE-2018-20218
Summary (CVE-2018-20218): Teracue ENC-400 devices running firmware 2.56 or below are affected by a command-injection vulnerability in the login form. The issue arises because the login input is passed directly to a shell command in /usr/share/www/check.lp without escaping or validation, enabling ...
Teracue ENC-400 Command Injection Vulnerability
The Teracue ENC-400 is a portable multi-flow encoder from Teracue Germany. A command injection vulnerability exists in the login form of the Teracue ENC-400, which can be exploited to execute code when the program passes user input to a shell command without performing any escaping or validation...
Teracue ENC-400 - Command Injection Missing Authentication
Teracue ENC-400 - Command Injection Missing Authentication Introduction ============ Multiple vulnerabilities were identified within the Teracue ENC-400, including pre-authenticated remote code authentication. While the vendor has released updated firmware after these issues were identified, they...