Open redirect

For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open...

CVE-2018-13341

Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execut...

Code injection

Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execut...

CVE-2018-13341

Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execut...

CVE-2018-10630

For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open...

CVE-2018-10630

CVE-2018-10630 covers improper access control in Crestron TSW-X60 (versions before 2.001.0037.001) and MC3 (before 1.502.0047.001). The devices are shipped with authentication disabled, with no user indication to enable it; if compromised, access to the CTP console can be left open. Connected adv...

CVE-2018-10630

For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open...

CVE-2018-13341

Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execut...

CVE-2018-13341

CVE-2018-13341 affects Crestron TSW-X60 (pre-2.001.0037.001) and MC3 (pre-1.502.0047.001). Root cause: insufficiently protected credentials allowing password derivation for special sudo accounts from information accessible to regular users, enabling hidden API calls and escape from the CTP consol...

Crestron TSW-X60 and MC3

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Crestron Equipment: TSW-X60 and MC3 Vulnerabilities: OS Command Injections, Improper Access Control, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these...

mc3.edu XSS vulnerability

Open Bug Bounty ID: OBB-61139 Description| Value ---|--- Affected Website:| mc3.edu Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Sheet...