4 matches found
Crestron AirMedia AM-100 and AM-101 Cross-Site Scripting Vulnerabilities
The Crestron AirMedia AM-100 and AM-101 are both gateway products from Crestron Electronics USA. A cross-site scripting vulnerability exists in the Crestron Airmedia AM-100 using firmware versions prior to 1.6.0 and the AM-101 using firmware versions prior to 2.7.0. A remote attacker can exploit...
Crestron AirMedia AM-100 cgi-bin/login.cgi Directory Traversal Vulnerability
The Crestron AirMedia AM-100 is a gateway product from Crestron Electronics, USA. A directory traversal vulnerability in the cgi-bin/login.cgi file in the Crestron AirMedia AM-100 device allows remote attackers to submit a special request to read arbitrary files...
CVE-2016-5640
Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. dot dot in the ATECOMMAND parameter...
Crestron AirMedia AM-100 contains multiple vulnerabilities
Overview The Crestron AirMedia AM-100 with firmware prior to version 1.4.0.13 is vulnerable to path traversal and command injection. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' - CVE-2016-5639 A path traversal vulnerability exists in login.cgi...