CVE-2018-20220

HIGH

Teracue ENC-400 <2.56 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-20220. PoCs published by Stephen Shkardoon.

AI-analyzed exploit summary The document describes multiple vulnerabilities in Teracue ENC-400 firmware v2.56 or below, including command injection (CVE-2018-20218), hard-coded authentication token (CVE-2018-20219), and missing authentication on sensitive endpoints (CVE-2018-20220). It details exploitation methods and incomplete vendor fixes.

Description

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated, and some of these pages may disclose sensitive information.

Exploits (1)

exploitdb WRITEUP

by Stephen Shkardoon · textwebappshardware

https://www.exploit-db.com/exploits/46451

View Code ZIP pw:eip

The document describes multiple vulnerabilities in Teracue ENC-400 firmware v2.56 or below, including command injection (CVE-2018-20218), hard-coded authentication token (CVE-2018-20219), and missing authentication on sensitive endpoints (CVE-2018-20220). It details exploitation methods and incomplete vendor fixes.

Classification

Writeup 100%

Attack Type

Rce | Auth Bypass | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Teracue ENC-400 firmware v2.56 or below

No auth needed

Prerequisites: Network access to the device · HTTP interface exposed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/151802/Teracue-ENC-400-Command-Injection-Missing-Authentication.html

Mailing List, Third Party Advisory x_refsource_misc

http://seclists.org/fulldisclosure/2019/Feb/48

Not Applicable x_refsource_misc

https://zxsecurity.co.nz/research.html

Scores

CVSS v3 7.5

EPSS 0.1536

EPSS Percentile 96.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-306

Status published

Products (3)

teracue/enc-400_hdmi2_firmware < 2.56

teracue/enc-400_hdmi_firmware < 2.56

teracue/enc-400_hdsdi_firmware < 2.56

Published Mar 21, 2019

Tracked Since Feb 18, 2026