Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.9.3. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
[
{
"product": "Crestron AirMedia",
"vendor": "Crestron",
"versions": [
{
"status": "affected",
"version": "AM-100 firmware 1.6.0.2 and AM-101 firmware 2.7.0.2"
}
]
}
]