Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of arbitrary users...
CVE-2016-5666
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objresp.authenabled to 1...
CVE-2016-5667
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html...
CVE-2016-5669
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging th...
CVE-2016-5670
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface...
CVE-2016-5671
Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of arbitrary users...
CVE-2016-5668
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call...
CVE-2016-5671
The CVE-2016-5671 issue affects Crestron DM-TXRX-100-STR devices running firmware up to 1.3039.00040. The NVD entry describes multiple CSRF vulnerabilities in the device’s web interface that can allow remote attackers to hijack user authentication. Crestron’s vendor statement notes that CSRF (CVE...
CVE-2016-5669
The affected product is Crestron DM-TXRX-100-STR devices with firmware before 1.3039.00040. The root cause is a hardcoded X.509 certificate (0xb9eed4d955a59eb3 from the OpenSSL Test Certification Authority) used for HTTPS, which enables an attacker to perform MITM by exploiting the device’s trust...
CVE-2016-5667
CVE-2016-5667 affects Crestron DM-TXRX-100-STR devices with firmware prior to 1.3039.00040. The vulnerability allows an unauthenticated remote attacker to bypass authentication by directly requesting a page other than index.html, effectively enabling access to the web management interface without...
CVE-2016-5670
CVE-2016-5670 affects Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040, which use non-random default credentials (admin:admin) for the web management interface. This hard-coded credential baseline enables remote attackers to gain privileged, unauthenticated access vi...
CVE-2016-5668
CVE-2016-5668 affects Crestron DM-TXRX-100-STR devices running firmware before 1.3039.00040. The vulnerability is an authentication bypass in the device’s web management interface, where a JSON API call can modify device settings without authentication (Missing Authentication for Critical Functio...
CVE-2016-5666
CVE-2016-5666 affects Crestron DM-TXRX-100-STR, firmware versions older than 1.3039.00040. The vulnerability stems from client-side authentication in the web management interface, where an attacker can set objresp.authenabled to 1 and obtain administrative access remotely. The issue is part of mu...
Crestron Electronics DM-TXRX-100-STR Security Restriction Bypass Vulnerability (CNVD-2016-05940)
The Crestron Electronics DM-TXRX-100-STR is a multimedia streaming codec. A security vulnerability exists in the Crestron Electronics DM-TXRX-100-STR 1.3039.00040. It could allow a remote attacker to bypass authentication and change settings via JSON API calls...
Crestron Electronics DM-TXRX-100-STR web interface contains multiple vulnerabilities
Overview: Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and earlier, has a web management interface which contains multiple vulnerabilities, including authentication bypass, failure to restrict access to authorized users, use of hard-coded certificate, default credentials, and...
Multiple Generic Vulnerabilities in the Special Equipment Inspection Management System of Tronda Electronics Co.
Tronda Electronics Co., Ltd. is a business dealing in camera accessories. A file read and SQL injection vulnerability exists in the Special Equipment Inspection Management System of Tronda Electronics Ltd. It allows attackers to use common SQL injection tools to obtain sensitive database...
SQL Injection Vulnerability in Special Equipment Inspection Management System of Fuzhou Tranda Electronics Co. (CNVD-2016-06025)
Fuzhou Chuangda Electronics Co., Ltd. is a high-tech enterprise specializing in software development, system integration, security services and other computer information services. Fuzhou Chuangda Electronics Co., Ltd. special equipment inspection management system /jy/util/selectryone.jsp?ryqx=1...
SQL Injection Vulnerability in Special Equipment Inspection Management System of Fuzhou Tranda Electronics Co. (CNVD-2016-06026)
Special Equipment Inspection Management System of Fuzhou Chuangda Electronics Co., Ltd. is a data and information management system. Fuzhou Chuangda Electronics Co., Ltd. special equipment inspection management system jy/bglskAction.do?task=edit&YWLSH=000038 page there is a SQL injection...
SQL Injection Vulnerability in Special Equipment Inspection Management System of Fuzhou Tranda Electronics Co.
Special Equipment Inspection Management System of Fuzhou Chuangda Electronics Co., Ltd. is a data and information management system. Fuzhou Chuangda Electronics Co., Ltd. special equipment inspection and management system: /jy/util/areaadmin.jsp?supform=froms&supaid=area&supcd=DQDM&supnm=area&csh...
SQL Injection Vulnerability in Special Equipment Inspection Management System of Fuzhou Tranda Electronics Co. (CNVD-2016-06020)
Fuzhou Tranda Electronics Co., Ltd. is a high-tech enterprise specializing in software development, system integration, security services and other computer information services. Fuzhou Chuangda Electronics Co., Ltd. special equipment inspection management system is a data information management...