CVE-2018-20219

high-risk

Published 2019-03-21

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the devices web administration panel. This token is hard-coded to a string in the source code (/usr/share/www/check.lp file). By setting this cookie in a browser, an attacker is able to maintain access to every ENC-400 device without knowing the password, which results in authentication bypass. Even if a user changes the password on the device, this token is static and unchanged.

Do I need to act?

42.9% chance of exploitation in next 30 days

EPSS score — higher than 57% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

46451

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.1/10 High

NETWORK / HIGH complexity

Affected Products (3)

Enc-400 Hdmi Firmware

Enc-400 Hdmi2 Firmware

Enc-400 Hdsdi Firmware

Affected Vendors

Teracue

References (6)

Third Party Advisory http://packetstormsecurity.com/files/151802/Teracue-ENC-400-Command-Injection-Mi...

Mailing List http://seclists.org/fulldisclosure/2019/Feb/48

Not Applicable https://zxsecurity.co.nz/research.html

Third Party Advisory http://packetstormsecurity.com/files/151802/Teracue-ENC-400-Command-Injection-Mi...

Mailing List http://seclists.org/fulldisclosure/2019/Feb/48

Not Applicable https://zxsecurity.co.nz/research.html

/ 100

high-risk

Severity 24/34 · High

Exploitability 17/34 · Moderate

Exposure 9/34 · Low