An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter in the login form.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-03-17T20:41:55

Updated: 2024-08-05T11:58:19.100Z

Reserved: 2018-12-19T00:00:00

Link: CVE-2018-20218

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-03-21T16:00:35.250

Modified: 2024-11-21T04:01:06.283

Link: CVE-2018-20218

cve-icon Redhat

No data.