Vulnerability CVE-2018-20219


Published: 2019-03-21

Description:
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the devices web administration panel. This token is hard-coded to a string in the source code (/usr/share/www/check.lp file). By setting this cookie in a browser, an attacker is able to maintain access to every ENC-400 device without knowing the password, which results in authentication bypass. Even if a user changes the password on the device, this token is static and unchanged.

See advisories in our WLB2 database:
Topic
Author
Date
High
Teracue ENC-400 Command Injection / Missing Authentication
Stephen Shkardoo...
22.02.2019

Type:

CWE-798

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Teracue -> Enc-400 hdmi2 firmware 
Teracue -> Enc-400 hdmi firmware 
Teracue -> Enc-400 hdsdi firmware 

 References:
http://packetstormsecurity.com/files/151802/Teracue-ENC-400-Command-Injection-Missing-Authentication.html
http://seclists.org/fulldisclosure/2019/Feb/48
https://zxsecurity.co.nz/research.html

Copyright 2024, cxsecurity.com

 

Back to Top