Lucene search

MitreCVE-2020-16839

HistoryJul 30, 2021 - 2:15 p.m.

CVE-2020-16839

2021-07-3014:15:13

CWE-287

mitre

web.nvd.nist.gov

cve-2020-16839

crestron

dm-nvx-dir

dm-nvx-dir80

dm-nvx-ent

websocket

unauthenticated

password change

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

39.5%

JSON

On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request.

Affected configurations

Nvd

Node

crestrondm-nvx-dir-80Match-

AND

crestrondm-nvx-dir-80_firmwareMatch1.0.1.788

Node

crestrondm-nvx-dir-160Match-

AND

crestrondm-nvx-dir-160_firmwareMatch1.0.1.788

Node

crestrondm-nvx-dir-entMatch-

AND

crestrondm-nvx-dir-ent_firmwareMatch1.0.1.788

VendorProductVersionCPE
crestrondm-nvx-dir-80-cpe:2.3:h:crestron:dm-nvx-dir-80:-:*:*:*:*:*:*:*
crestrondm-nvx-dir-80_firmware1.0.1.788cpe:2.3:o:crestron:dm-nvx-dir-80_firmware:1.0.1.788:*:*:*:*:*:*:*
crestrondm-nvx-dir-160-cpe:2.3:h:crestron:dm-nvx-dir-160:-:*:*:*:*:*:*:*
crestrondm-nvx-dir-160_firmware1.0.1.788cpe:2.3:o:crestron:dm-nvx-dir-160_firmware:1.0.1.788:*:*:*:*:*:*:*
crestrondm-nvx-dir-ent-cpe:2.3:h:crestron:dm-nvx-dir-ent:-:*:*:*:*:*:*:*
crestrondm-nvx-dir-ent_firmware1.0.1.788cpe:2.3:o:crestron:dm-nvx-dir-ent_firmware:1.0.1.788:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
crestron	dm-nvx-dir-80	-	cpe:2.3:h:crestron:dm-nvx-dir-80:-:::::::*
crestron	dm-nvx-dir-80_firmware	1.0.1.788	cpe:2.3:o:crestron:dm-nvx-dir-80_firmware:1.0.1.788:::::::*
crestron	dm-nvx-dir-160	-	cpe:2.3:h:crestron:dm-nvx-dir-160:-:::::::*
crestron	dm-nvx-dir-160_firmware	1.0.1.788	cpe:2.3:o:crestron:dm-nvx-dir-160_firmware:1.0.1.788:::::::*
crestron	dm-nvx-dir-ent	-	cpe:2.3:h:crestron:dm-nvx-dir-ent:-:::::::*
crestron	dm-nvx-dir-ent_firmware	1.0.1.788	cpe:2.3:o:crestron:dm-nvx-dir-ent_firmware:1.0.1.788:::::::*

References

support.crestron.com

www.crestron.com/Security/Security-at-Crestron

www.crestron.com/Software-Firmware/Firmware/DigitalMedia/DM-XIO/1-0-3-802

www.security.crestron.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

39.5%

JSON

Related for CVE-2020-16839