Teracue Enc-400 Hdmi2 Firmware vulnerabilities
3 known vulnerabilities affecting teracue/enc-400_hdmi2_firmware.
Total CVEs
3
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2
Vulnerabilities
Page 1 of 1
CVE-2018-20219P2HIGHCVSS 8.1PoC≤ 2.562019-03-21
CVE-2018-20219 [HIGH] CWE-798 CVE-2018-20219: An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful au
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the devices web administration panel. This token is hard-coded to a string in the source code (/usr/share/www/check.lp file). By setting this cookie in a b
nvd
CVE-2018-20218P2CRITICALCVSS 9.8PoC≤ 2.562019-03-21
CVE-2018-20218 [CRITICAL] CWE-78 CVE-2018-20218: An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form pass
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter in the login form.
nvd
CVE-2018-20220P2HIGHCVSS 7.5PoC≤ 2.562019-03-21
CVE-2018-20220 [HIGH] CWE-306 CVE-2018-20220: An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web inter
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated, and some of these pages may disclose sensitive informati
nvd