Creston Web Interface 1.0.0.2159 - Credential Disclosure Vulnerability

Exploit Title: Creston Web Interface 1.0.0.2159 - Credential Disclosure Exploit Author: RedTeam Pentesting GmbH Advisory: Credential Disclosure in Web Interface of Crestron Device When the administrative web interface of the Crestron HDMI switcher is accessed unauthenticated, user credentials are...

CVE-2022-23178

An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname...

CVE-2022-23178

An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname...

CVE-2022-23178

CVE-2022-23178 affects Crestron HD-MD4X2-4K-E devices (firmware v1.0.0.2159). The unauthenticated admin web interface exposes credentials by sending a JSON payload with uname and upassword via aj.html, enabling login to the web interface. Impact is high (full authentication/password disclosure wi...

Crestron HD-MD4X2-4K-E 1.0.0.2159 Credential Disclosure

Advisory: Credential Disclosure in Web Interface of Crestron Device When the administrative web interface of the Crestron HDMI switcher is accessed unauthenticated, user credentials are disclosed which are valid to authenticate to the web interface. Details ======= Product: Crestron HD-MD4X2-4K-E...