CVE-2019-3937

2019-04-3020:38:24

CWE-312

tenable

www.cve.org

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, slideshow passcode, and other configuration options in cleartext in the file /tmp/scfgdndf. A local attacker can use this vulnerability to recover sensitive data.

CNA Affected

[
  {
    "product": "Crestron AirMedia",
    "vendor": "Crestron",
    "versions": [
      {
        "status": "affected",
        "version": "AM-100 firmware 1.6.0.2 and AM-101 firmware 2.7.0.2"
      }
    ]
  }
]

References

www.tenable.com/security/research/tra-2019-20