Lucene search

[email protected]CVE-2016-5666

HistoryAug 03, 2016 - 1:59 a.m.

CVE-2016-5666

2016-08-0301:59:03

[email protected]

web.nvd.nist.gov

crestron

electronics

dm-txrx-100-str

authentication bypass

cve-2016-5666

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.7%

JSON

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objresp.authenabled to 1.

Affected configurations

NVD

Node

crestrondm-txrx-100-str_firmwareMatch1.2866.00026

AND

crestrondm-txrx-100-strMatch-

CPENameOperatorVersion
crestron:dm-txrx-100-str_firmwarecrestron dm-txrx-100-str firmwareeq1.2866.00026

CPE	Name	Operator	Version
crestron:dm-txrx-100-str_firmware	crestron dm-txrx-100-str firmware	eq	1.2866.00026

References

www.kb.cert.org/vuls/id/974424

www.securityfocus.com/bid/92211

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.7%

JSON

Related for CVE-2016-5666

nvd1 prion1 cvelist1 cert1