CVE-2018-20220

Опубликовано: 21 мар. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Средний

Описание

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated, and some of these pages may disclose sensitive information.

Ссылки

http://packetstormsecurity.com/files/151802/Teracue-ENC-400-Command-Injection-Missing-Authentication.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2019/Feb/48
Mailing List
Third Party Advisory
https://zxsecurity.co.nz/research.html
Not Applicable
http://packetstormsecurity.com/files/151802/Teracue-ENC-400-Command-Injection-Missing-Authentication.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2019/Feb/48
Mailing List
Third Party Advisory
https://zxsecurity.co.nz/research.html
Not Applicable

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:teracue:enc-400_hdmi_firmware:*:*:*:*:*:*:*:*

Версия до 2.56 (включая)

cpe:2.3:h:teracue:enc-400_hdmi:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:teracue:enc-400_hdmi2_firmware:*:*:*:*:*:*:*:*

Версия до 2.56 (включая)

cpe:2.3:h:teracue:enc-400_hdmi2:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:teracue:enc-400_hdsdi_firmware:*:*:*:*:*:*:*:*

Версия до 2.56 (включая)

cpe:2.3:h:teracue:enc-400_hdsdi:-:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.44435

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-p26r-3433-9cc5

CVSS3: 7.5

github

больше 3 лет назад

EPSS

Процентиль: 97%

0.44435

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-306