Lucene search

MitreCVE-2018-20219

HistoryMar 21, 2019 - 4:00 p.m.

CVE-2018-20219

2019-03-2116:00:35

CWE-798

mitre

web.nvd.nist.gov

cve-2018-20219

teracue enc-400

authentication bypass

firmware

security

vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.005

Percentile

76.9%

JSON

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the devices web administration panel. This token is hard-coded to a string in the source code (/usr/share/www/check.lp file). By setting this cookie in a browser, an attacker is able to maintain access to every ENC-400 device without knowing the password, which results in authentication bypass. Even if a user changes the password on the device, this token is static and unchanged.

Affected configurations

Nvd

Node

teracueenc-400_hdmiMatch-

AND

teracueenc-400_hdmi_firmwareRange≤2.56

Node

teracueenc-400_hdmi2Match-

AND

teracueenc-400_hdmi2_firmwareRange≤2.56

Node

teracueenc-400_hdsdiMatch-

AND

teracueenc-400_hdsdi_firmwareRange≤2.56

VendorProductVersionCPE
teracueenc-400_hdmi-cpe:2.3:h:teracue:enc-400_hdmi:-:*:*:*:*:*:*:*
teracueenc-400_hdmi_firmware*cpe:2.3:o:teracue:enc-400_hdmi_firmware:*:*:*:*:*:*:*:*
teracueenc-400_hdmi2-cpe:2.3:h:teracue:enc-400_hdmi2:-:*:*:*:*:*:*:*
teracueenc-400_hdmi2_firmware*cpe:2.3:o:teracue:enc-400_hdmi2_firmware:*:*:*:*:*:*:*:*
teracueenc-400_hdsdi-cpe:2.3:h:teracue:enc-400_hdsdi:-:*:*:*:*:*:*:*
teracueenc-400_hdsdi_firmware*cpe:2.3:o:teracue:enc-400_hdsdi_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
teracue	enc-400_hdmi	-	cpe:2.3:h:teracue:enc-400_hdmi:-:::::::*
teracue	enc-400_hdmi_firmware	*	cpe:2.3:o:teracue:enc-400_hdmi_firmware::::::::
teracue	enc-400_hdmi2	-	cpe:2.3:h:teracue:enc-400_hdmi2:-:::::::*
teracue	enc-400_hdmi2_firmware	*	cpe:2.3:o:teracue:enc-400_hdmi2_firmware::::::::
teracue	enc-400_hdsdi	-	cpe:2.3:h:teracue:enc-400_hdsdi:-:::::::*
teracue	enc-400_hdsdi_firmware	*	cpe:2.3:o:teracue:enc-400_hdsdi_firmware::::::::

References

packetstormsecurity.com/files/151802/Teracue-ENC-400-Command-Injection-Missing-Authentication.html

seclists.org/fulldisclosure/2019/Feb/48

zxsecurity.co.nz/research.html

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.005

Percentile

76.9%

JSON

Related for CVE-2018-20219