PT-2019-10021 · Teracue · Teracue Enc-400

Stephen Shkardoon

Published

2019-03-17

Updated

2020-08-24

CVE-2018-20220

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Teracue ENC-400 devices with firmware 2.56 and below

Description: An issue was discovered where a large portion of the HTTP endpoints are missing authentication, allowing an attacker to view these pages before being authenticated. Some of these pages may disclose sensitive information.

Recommendations: For Teracue ENC-400 devices with firmware 2.56 and below, consider restricting access to the web interface until a fix is available. As a temporary workaround, limit access to sensitive information by implementing additional authentication measures for the affected HTTP endpoints.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2018-20220

Affected Products

Teracue Enc-400

PT-2019-10021 · Teracue · Teracue Enc-400

CVE-2018-20220

Weakness Enumeration

Related Identifiers

Affected Products

References · 6