CVE-2018-20218

Name of the Vulnerable Software and Affected Versions: Teracue ENC-400 devices version 2.56 and below

Description: An issue was discovered where the login form passes user input directly to a shell command without escaping or validation in the /usr/share/www/check.lp file. This allows an attacker to perform command injection using the password parameter in the login form.

Recommendations: For Teracue ENC-400 devices version 2.56 and below, consider disabling the login form until a patch is available to prevent command injection attacks. Restrict access to the /usr/share/www/check.lp file to minimize the risk of exploitation. Avoid using the password parameter in the login form until the issue is resolved.