21 matches found
EUVD-2016-6611
Malware in sbrugna...
CVE-2016-5671
Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of arbitrary users...
CVE-2016-5670
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface...
CVE-2016-5669
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging th...
CVE-2016-5668
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call...
CVE-2016-5666
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objresp.authenabled to 1...
Hardcoded credentials
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface...
Hardcoded credentials
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging th...
CVE-2016-5667
CVE-2016-5667 affects Crestron DM-TXRX-100-STR devices with firmware prior to 1.3039.00040. The vulnerability allows an unauthenticated remote attacker to bypass authentication by directly requesting a page other than index.html, effectively enabling access to the web management interface without...
CVE-2016-5671
Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of arbitrary users...
CVE-2016-5670
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface...
CVE-2016-5670
CVE-2016-5670 affects Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040, which use non-random default credentials (admin:admin) for the web management interface. This hard-coded credential baseline enables remote attackers to gain privileged, unauthenticated access vi...
CVE-2016-5668
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call...
CVE-2016-5668
CVE-2016-5668 affects Crestron DM-TXRX-100-STR devices running firmware before 1.3039.00040. The vulnerability is an authentication bypass in the device’s web management interface, where a JSON API call can modify device settings without authentication (Missing Authentication for Critical Functio...
CVE-2016-5666
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objresp.authenabled to 1...
CVE-2016-5671
The CVE-2016-5671 issue affects Crestron DM-TXRX-100-STR devices running firmware up to 1.3039.00040. The NVD entry describes multiple CSRF vulnerabilities in the device’s web interface that can allow remote attackers to hijack user authentication. Crestron’s vendor statement notes that CSRF (CVE...
CVE-2016-5669
The affected product is Crestron DM-TXRX-100-STR devices with firmware before 1.3039.00040. The root cause is a hardcoded X.509 certificate (0xb9eed4d955a59eb3 from the OpenSSL Test Certification Authority) used for HTTPS, which enables an attacker to perform MITM by exploiting the device’s trust...
CVE-2016-5667
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html...
CVE-2016-5666
CVE-2016-5666 affects Crestron DM-TXRX-100-STR, firmware versions older than 1.3039.00040. The vulnerability stems from client-side authentication in the web management interface, where an attacker can set objresp.authenabled to 1 and obtain administrative access remotely. The issue is part of mu...
Crestron Electronics DM-TXRX-100-STR Security Restriction Bypass Vulnerability
The Crestron Electronics DM-TXRX-100-STR is a multimedia streaming codec. A security vulnerability exists in the Crestron Electronics DM-TXRX-100-STR 1.3039.00040. It could allow a remote attacker to bypass authentication by directly requesting a non-index.html page...