Description
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated, and some of these pages may disclose sensitive information.
Exploits (1)
exploitdb
WRITEUP
by Stephen Shkardoon · textwebappshardware
https://www.exploit-db.com/exploits/46451
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/151802/Teracue-ENC-400-Command-Injection-Missing-Authentication.html
Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2019/Feb/48
Not Applicable x_refsource_misc
https://zxsecurity.co.nz/research.html
Scores
CVSS v3
7.5
EPSS
0.4360
EPSS Percentile
97.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-306
Status
published
Products (3)
teracue/enc-400_hdmi2_firmware
< 2.56
teracue/enc-400_hdmi_firmware
< 2.56
teracue/enc-400_hdsdi_firmware
< 2.56
Published
Mar 21, 2019
Tracked Since
Feb 18, 2026