High severity7.5NVD Advisory· Published Mar 21, 2019· Updated Jun 17, 2026
CVE-2018-20220
CVE-2018-20220
Description
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated, and some of these pages may disclose sensitive information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
3- packetstormsecurity.com/files/151802/Teracue-ENC-400-Command-Injection-Missing-Authentication.htmlnvdThird Party AdvisoryVDB Entry
- seclists.org/fulldisclosure/2019/Feb/48nvdMailing ListThird Party Advisory
- zxsecurity.co.nz/research.htmlnvdNot Applicable
News mentions
0No linked articles in our index yet.