Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter in the login form.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Teracue ENC-400 操作系统命令注入漏洞
Vulnerability Description
Teracue ENC-400是德国Teracue公司的一款便携式多流编码器。 Teracue ENC-400中的login form存在操作系统命令注入漏洞,该漏洞源于程序没有进行任何转义或验证操作便将用户输入传递到shell命令中。攻击者可利用该漏洞执行代码。
CVSS Information
N/A
Vulnerability Type
N/A