← Back

CVE-2018-20220

nvd nist
Published: Mar 21, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated, and some of these pages may disclose sensitive information.

Affected (3)

Teracue
3 products
Enc 400 Hdmi Firmware
Enc 400 Hdmi2 Firmware
Enc 400 Hdsdi Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Enc 400 Hdmi Firmware
Up to 2.56
Running on/withPlatform Versions
Teracue
Enc 400 Hdmi
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Enc 400 Hdmi2 Firmware
Up to 2.56
Running on/withPlatform Versions
Teracue
Enc 400 Hdmi2
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Enc 400 Hdsdi Firmware
Up to 2.56
Running on/withPlatform Versions
Teracue
Enc 400 Hdsdi
All versions

Related CWEs

CWE-306
Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (6)

Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Not Applicable
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable

Timeline

No history available yet.