CVE-2018-20218

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter in the login form.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
teracueenc-400_hdmi_firmware
𝑥
≤ 2.56
teracueenc-400_hdmi2_firmware
𝑥
≤ 2.56
teracueenc-400_hdsdi_firmware
𝑥
≤ 2.56
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2019/Feb/48
https://zxsecurity.co.nz/research.html
http://seclists.org/fulldisclosure/2019/Feb/48
https://zxsecurity.co.nz/research.html