CVE-2018-20220
CVE-2018-20220 is a vulnerability of currently unknown severity. An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. EPSS estimates a 15.36% chance of exploitation in the next 30 days.
Description
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated, and some of these pages may disclose sensitive information.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Teracue | ENC-400 HDMI Firmware | <= 2.56 |
| Teracue | ENC-400 HDMI2 Firmware | <= 2.56 |
| Teracue | ENC-400 HDSDI Firmware | <= 2.56 |
References
- http://packetstormsecurity.com/files/151802/Teracue-ENC-400-Command-Injection-Missing-Authentication.html (Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2019/Feb/48 (Mailing List, Third Party Advisory)
- https://zxsecurity.co.nz/research.html (Not Applicable)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
