CVE-2019-3935

2019-04-3020:34:51

CWE-284

tenable

www.cve.org

9.2 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.4%

JSON

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to act as a moderator to a slide show via crafted HTTP POST requests to conference.cgi. A remote, unauthenticated attacker can use this vulnerability to start, stop, and disconnect active slideshows.

CNA Affected

[
  {
    "product": "Crestron AirMedia",
    "vendor": "Crestron",
    "versions": [
      {
        "status": "affected",
        "version": "AM-100 firmware 1.6.0.2 and AM-101 firmware 2.7.0.2"
      }
    ]
  }
]

References

www.tenable.com/security/research/tra-2019-20