CVE-2019-3932

2019-04-3020:30:02

CWE-249

tenable

www.cve.org

9.8 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.7%

JSON

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. A remote, unauthenticated attacker can use this vulnerability to control external devices via the uart_bridge.

CNA Affected

[
  {
    "product": "Crestron AirMedia",
    "vendor": "Crestron",
    "versions": [
      {
        "status": "affected",
        "version": "AM-100 firmware 1.6.0.2 and AM-101 firmware 2.7.0.2"
      }
    ]
  }
]

References

www.tenable.com/security/research/tra-2019-20