CVE-2018-20218

CRITICAL

Teracue ENC-400 <2.56 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-20218.

AI-analyzed exploit summary This is a detailed technical writeup describing multiple vulnerabilities in the Teracue ENC-400 device, including command injection (CVE-2018-20218), hard-coded authentication token (CVE-2018-20219), and missing authentication on sensitive endpoints (CVE-2018-20220). It provides code snippets, root cause analysis, and resolution status for each issue.

Description

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter in the login form.

Exploits (1)

exploitdb WRITEUP
webappshardware
https://www.exploit-db.com/exploits/46451

This is a detailed technical writeup describing multiple vulnerabilities in the Teracue ENC-400 device, including command injection (CVE-2018-20218), hard-coded authentication token (CVE-2018-20219), and missing authentication on sensitive endpoints (CVE-2018-20220). It provides code snippets, root cause analysis, and resolution status for each issue.

Classification
Writeup 100%
Attack Type
Rce | Auth Bypass | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Teracue ENC-400 firmware v2.56 or below
No auth needed
Prerequisites: Network access to the Teracue ENC-400 device
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2019/Feb/48
Not Applicable x_refsource_misc
https://zxsecurity.co.nz/research.html

Scores

CVSS v3 9.8
EPSS 0.1074
EPSS Percentile 95.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (3)
teracue/enc-400_hdmi2_firmware < 2.56
teracue/enc-400_hdmi_firmware < 2.56
teracue/enc-400_hdsdi_firmware < 2.56
Published Mar 21, 2019
Tracked Since Feb 18, 2026