EUVD-2019-13546

Malware in sbrugna...

VulnCheck KEV: CVE-2022-23178

An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with...

CVE-2022-23178

An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname...

Crestron Device Detection (CTP)

Crestron Terminal Protocol CTP based detection of Crestron devices. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2016-5671

Multiple cross-site request forgery CSRF vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of arbitrary users...

CVE-2016-5670

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface...

CVE-2016-5669

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging th...

CVE-2016-5667

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html...

CVE-2016-5666

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objresp.authenabled to 1...

Crestron Electronics DM-TXRX-100-STR Security Restriction Bypass Vulnerability (CNVD-2016-05941)

The Crestron Electronics DM-TXRX-100-STR is a multimedia streaming codec. The Crestron Electronics DM-TXRX-100-STR 1.3039.00040 performs authentication via the client, which allows a remote attacker to set objresp.authenabled to 1 and gain access...

Crestron Electronics DM-TXRX-100-STR Hardcoded Password Vulnerability

The Crestron Electronics DM-TXRX-100-STR is a multimedia streaming codec. The Crestron Electronics DM-TXRX-100-STR 1.3039.00040 has a hard-coded password for the admin account. This could allow a remote attacker to gain access through the web management interface...