Cross site request forgery (csrf)

On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request...

多款 Crestron 设备授权问题漏洞

Crestron Electronics Crestron DM-NVX-DIR and DM-NVX-ENT are both virtual switching devices from Crestron Electronics, Inc. An authorization issue vulnerability exists in multiple Crestron devices where an attacker can send an unauthenticated Websocket request to change a password because the devi...

CVE-2020-16839

This CVE affects Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices prior to patch DM-XIO/1-0-3-802. The root issue is an unauthenticated WebSocket request that allows changing the device password, indicating a lack of proper permission validation on the WebSocket API. The vulnerability is...

CVE-2020-16839

On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request...