CrestronAm-100 Firmware

5 matches found

CVE
added 2019/04/30 9:29 p.m., 53 views

CVE-2019-3931

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argument injection to the curl binary via crafted HTTP requests to return.cgi. A remote, authenticated attacker can use this vulnerability to upload files to the device and ultimately execute code as root.

CVSS 9, AI score 8.8, EPSS 0.04313

CVE
added 2019/04/30 9:29 p.m., 46 views

CVE-2019-3932

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. A remote, unauthenticated attacker can use this vulnerability to control external devices via the uart_bridge.

CVSS 9.8, AI score 9.7, EPSS 0.083

CVE
added 2019/04/30 9:29 p.m., 43 views

CVE-2019-3927

On Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2, anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. A remote, unauthenticated attacker can use this vulnerability to change the admin or mod...

CVSS 9.8, AI score 9.5, EPSS 0.0215

CVE
added 2019/04/30 9:29 p.m., 35 views

CVE-2019-3935

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow anyone to act as a moderator to a slide show via crafted HTTP POST requests to conference.cgi. A remote, unauthenticated attacker can use this vulnerability to start, stop, and disconnect active slideshows.

CVSS 9.1, AI score 9, EPSS 0.01698

CVE
added 2019/04/30 9:29 p.m., 32 views

CVE-2019-3939

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use these credentials to gain privileged access to the device.

CVSS 9.8, AI score 9.5, EPSS 0.04226