6 vulnerabilities found for dm-txrx-100-str by crestron
VAR-201608-0081
Vulnerability from variot - Updated: 2025-04-13 23:21
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call. Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and earlier, has a web management interface which contains multiple vulnerabilities, including authentication bypass, failure to restrict access to authorized users, use of a hard-coded certificate, default credentials, and cross-site request forgery (CSRF). These vulnerabilities may be leveraged to gain complete control of affected devices. Supplementary information: the vulnerability type has been identified as CWE-306: Missing Authentication for Critical Function. Crestron Electronics DM-TXRX-100-STR is prone to the following security vulnerabilities: 1. Multiple authentication-bypass vulnerabilities 2. Multiple security-bypass vulnerabilities 3. A cross-site request-forgery vulnerability. An attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions, bypass the authentication mechanism and compromise the application; this may aid in further attacks. Crestron Electronics DM-TXRX-100-STR version 1.2866.00026 and prior versions are vulnerable. Crestron Electronics DM-TXRX-100-STR is a stream encoder/decoder product from Crestron Electronics, USA.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201608-0081",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dm-txrx-100-str",
"scope": "eq",
"trust": 1.6,
"vendor": "crestron",
"version": "1.2866.00026"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "crestron",
"version": null
},
{
"model": "dm-txrx-100-str",
"scope": null,
"trust": 0.8,
"vendor": "crestron",
"version": null
},
{
"model": "dm-txrx-100-str",
"scope": "lt",
"trust": 0.8,
"vendor": "crestron",
"version": "1.3039.00040"
},
{
"model": "electronics dm-txrx-100-str",
"scope": "eq",
"trust": 0.3,
"vendor": "crestron",
"version": "1.2866.00026"
},
{
"model": "electronics dm-txrx-100-str",
"scope": "ne",
"trust": 0.3,
"vendor": "crestron",
"version": "1.3039.00040"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004129"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-005"
},
{
"db": "NVD",
"id": "CVE-2016-5668"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:crestron:dm-txrx-100-str",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:crestron:dm-txrx-100-str_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004129"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Carsten Eiram of Risk Based Security",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-005"
}
],
"trust": 0.6
},
"cve": "CVE-2016-5668",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5668",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-94487",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5668",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5668",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-5668",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201608-005",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-94487",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94487"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004129"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-005"
},
{
"db": "NVD",
"id": "CVE-2016-5668"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call. Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and earlier, has a web management interface which contains multiple vulnerabilities, including authentication bypass, failure to restrict access to authorized users, use of hard-coded certificate, default credentials, and cross-site request forgery (CSRF). These vulnerabilities may be leveraged to gain complete control of affected devices. Supplementary information : CWE Vulnerability type by CWE-306: Missing Authentication for Critical Function ( Lack of authentication for critical functions ) Has been identified. Crestron Electronics DM-TXRX-100-STR is prone to the following multiple security vulnerabilities:\n1. Multiple authentication-bypass vulnerabilities\n2. Multiple security-bypass vulnerabilities\n3. A cross-site request-forgery vulnerability\nAn attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions , bypass the authentication mechanism and compromise the application; This may aid in further attacks. \nCrestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and prior versions are vulnerable. Crestron Electronics DM-TXRX-100-STR is a stream encoder/decoder product from Crestron Electronics, USA",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5668"
},
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004129"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "VULHUB",
"id": "VHN-94487"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#974424",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2016-5668",
"trust": 2.8
},
{
"db": "BID",
"id": "92211",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU93291811",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004129",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201608-005",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-94487",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "VULHUB",
"id": "VHN-94487"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004129"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-005"
},
{
"db": "NVD",
"id": "CVE-2016-5668"
}
]
},
"id": "VAR-201608-0081",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-94487"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:21:06.997000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DM-TXRX-100-STR",
"trust": 0.8,
"url": "https://www.crestron.com/downloads/pdf/spec_sheets/commercial_and_residential/dm-txrx-100-str.pdf"
},
{
"title": "Resource Library",
"trust": 0.8,
"url": "http://www.crestron.com/resources/resource-library/firmware"
},
{
"title": "Crestron Electronics DM-TXRX-100-STR Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63406"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004129"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-005"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004129"
},
{
"db": "NVD",
"id": "CVE-2016-5668"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/974424"
},
{
"trust": 1.1,
"url": "https://www.crestron.com/downloads/pdf/spec_sheets/commercial_and_residential/dm-txrx-100-str.pdf"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/92211"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/603.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/425.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/321.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.8,
"url": "https://www.crestron.com/resources/resource-library/firmware"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5668"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93291811/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5668"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/bluu-a9cmty"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "VULHUB",
"id": "VHN-94487"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004129"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-005"
},
{
"db": "NVD",
"id": "CVE-2016-5668"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "VULHUB",
"id": "VHN-94487"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004129"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-005"
},
{
"db": "NVD",
"id": "CVE-2016-5668"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-01T00:00:00",
"db": "CERT/CC",
"id": "VU#974424"
},
{
"date": "2016-08-03T00:00:00",
"db": "VULHUB",
"id": "VHN-94487"
},
{
"date": "2016-08-01T00:00:00",
"db": "BID",
"id": "92211"
},
{
"date": "2016-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004129"
},
{
"date": "2016-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-005"
},
{
"date": "2016-08-03T01:59:06.477000",
"db": "NVD",
"id": "CVE-2016-5668"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-01T00:00:00",
"db": "CERT/CC",
"id": "VU#974424"
},
{
"date": "2016-08-15T00:00:00",
"db": "VULHUB",
"id": "VHN-94487"
},
{
"date": "2016-08-01T00:00:00",
"db": "BID",
"id": "92211"
},
{
"date": "2016-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004129"
},
{
"date": "2016-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-005"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-5668"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-005"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Crestron Electronics DM-TXRX-100-STR web interface contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#974424"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-005"
}
],
"trust": 0.6
}
}
VAR-201608-0083
Vulnerability from variot - Updated: 2025-04-13 23:21
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface. Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and earlier, has a web management interface which contains multiple vulnerabilities, including authentication bypass, failure to restrict access to authorized users, use of a hard-coded certificate, default credentials, and cross-site request forgery (CSRF). These vulnerabilities may be leveraged to gain complete control of affected devices. Crestron Electronics DM-TXRX-100-STR is prone to the following security vulnerabilities: 1. Multiple authentication-bypass vulnerabilities 2. Multiple security-bypass vulnerabilities 3. A cross-site request-forgery vulnerability. An attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions, bypass the authentication mechanism and compromise the application; this may aid in further attacks. Crestron Electronics DM-TXRX-100-STR version 1.2866.00026 and prior versions are vulnerable. Crestron Electronics DM-TXRX-100-STR is a stream encoder/decoder product from Crestron Electronics, USA. A remote attacker can exploit this vulnerability to gain privileges through the web management interface.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201608-0083",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dm-txrx-100-str",
"scope": "eq",
"trust": 1.6,
"vendor": "crestron",
"version": "1.2866.00026"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "crestron",
"version": null
},
{
"model": "dm-txrx-100-str",
"scope": null,
"trust": 0.8,
"vendor": "crestron",
"version": null
},
{
"model": "dm-txrx-100-str",
"scope": "lt",
"trust": 0.8,
"vendor": "crestron",
"version": "1.3039.00040"
},
{
"model": "electronics dm-txrx-100-str",
"scope": "eq",
"trust": 0.3,
"vendor": "crestron",
"version": "1.2866.00026"
},
{
"model": "electronics dm-txrx-100-str",
"scope": "ne",
"trust": 0.3,
"vendor": "crestron",
"version": "1.3039.00040"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004131"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-007"
},
{
"db": "NVD",
"id": "CVE-2016-5670"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:crestron:dm-txrx-100-str",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:crestron:dm-txrx-100-str_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004131"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Carsten Eiram of Risk Based Security",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-007"
}
],
"trust": 0.6
},
"cve": "CVE-2016-5670",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5670",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-94489",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5670",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5670",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-5670",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201608-007",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-94489",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94489"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004131"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-007"
},
{
"db": "NVD",
"id": "CVE-2016-5670"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface. Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and earlier, has a web management interface which contains multiple vulnerabilities, including authentication bypass, failure to restrict access to authorized users, use of hard-coded certificate, default credentials, and cross-site request forgery (CSRF). These vulnerabilities may be leveraged to gain complete control of affected devices. Crestron Electronics DM-TXRX-100-STR is prone to the following multiple security vulnerabilities:\n1. Multiple authentication-bypass vulnerabilities\n2. Multiple security-bypass vulnerabilities\n3. A cross-site request-forgery vulnerability\nAn attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions , bypass the authentication mechanism and compromise the application; This may aid in further attacks. \nCrestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and prior versions are vulnerable. Crestron Electronics DM-TXRX-100-STR is a stream encoder/decoder product from Crestron Electronics, USA. A remote attacker can exploit this vulnerability to gain privileges through the web management interface",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5670"
},
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004131"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "VULHUB",
"id": "VHN-94489"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#974424",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2016-5670",
"trust": 2.8
},
{
"db": "BID",
"id": "92211",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU93291811",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004131",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201608-007",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-94489",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "VULHUB",
"id": "VHN-94489"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004131"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-007"
},
{
"db": "NVD",
"id": "CVE-2016-5670"
}
]
},
"id": "VAR-201608-0083",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-94489"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:21:06.962000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Resource Library",
"trust": 0.8,
"url": "http://www.crestron.com/resources/resource-library/firmware"
},
{
"title": "DM-TXRX-100-STR",
"trust": 0.8,
"url": "https://www.crestron.com/downloads/pdf/spec_sheets/commercial_and_residential/dm-txrx-100-str.pdf"
},
{
"title": "Crestron Electronics DM-TXRX-100-STR Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63408"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004131"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-007"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94489"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004131"
},
{
"db": "NVD",
"id": "CVE-2016-5670"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/974424"
},
{
"trust": 1.1,
"url": "https://www.crestron.com/downloads/pdf/spec_sheets/commercial_and_residential/dm-txrx-100-str.pdf"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/92211"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/603.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/425.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/321.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.8,
"url": "https://www.crestron.com/resources/resource-library/firmware"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5670"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93291811/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5670"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/bluu-a9cmty"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "VULHUB",
"id": "VHN-94489"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004131"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-007"
},
{
"db": "NVD",
"id": "CVE-2016-5670"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "VULHUB",
"id": "VHN-94489"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004131"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-007"
},
{
"db": "NVD",
"id": "CVE-2016-5670"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-01T00:00:00",
"db": "CERT/CC",
"id": "VU#974424"
},
{
"date": "2016-08-03T00:00:00",
"db": "VULHUB",
"id": "VHN-94489"
},
{
"date": "2016-08-01T00:00:00",
"db": "BID",
"id": "92211"
},
{
"date": "2016-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004131"
},
{
"date": "2016-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-007"
},
{
"date": "2016-08-03T01:59:09.053000",
"db": "NVD",
"id": "CVE-2016-5670"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-01T00:00:00",
"db": "CERT/CC",
"id": "VU#974424"
},
{
"date": "2016-08-15T00:00:00",
"db": "VULHUB",
"id": "VHN-94489"
},
{
"date": "2016-08-01T00:00:00",
"db": "BID",
"id": "92211"
},
{
"date": "2016-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004131"
},
{
"date": "2016-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-007"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-5670"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-007"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Crestron Electronics DM-TXRX-100-STR web interface contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#974424"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-007"
}
],
"trust": 0.6
}
}
VAR-201608-0082
Vulnerability from variot - Updated: 2025-04-13 23:21
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging the certificate's trust relationship. Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and earlier, has a web management interface which contains multiple vulnerabilities, including authentication bypass, failure to restrict access to authorized users, use of a hard-coded certificate, default credentials, and cross-site request forgery (CSRF). These vulnerabilities may be leveraged to gain complete control of affected devices. Supplementary information: the vulnerability type has been identified as CWE-321: Use of Hard-coded Cryptographic Key. Crestron Electronics DM-TXRX-100-STR is prone to the following security vulnerabilities: 1. Multiple authentication-bypass vulnerabilities 2. Multiple security-bypass vulnerabilities 3. A cross-site request-forgery vulnerability. An attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions, bypass the authentication mechanism and compromise the application; this may aid in further attacks. Crestron Electronics DM-TXRX-100-STR version 1.2866.00026 and prior versions are vulnerable. Crestron Electronics DM-TXRX-100-STR is a stream encoder/decoder product from Crestron Electronics, USA.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201608-0082",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dm-txrx-100-str",
"scope": "eq",
"trust": 1.6,
"vendor": "crestron",
"version": "1.2866.00026"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "crestron",
"version": null
},
{
"model": "dm-txrx-100-str",
"scope": null,
"trust": 0.8,
"vendor": "crestron",
"version": null
},
{
"model": "dm-txrx-100-str",
"scope": "lt",
"trust": 0.8,
"vendor": "crestron",
"version": "1.3039.00040"
},
{
"model": "electronics dm-txrx-100-str",
"scope": "eq",
"trust": 0.3,
"vendor": "crestron",
"version": "1.2866.00026"
},
{
"model": "electronics dm-txrx-100-str",
"scope": "ne",
"trust": 0.3,
"vendor": "crestron",
"version": "1.3039.00040"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004130"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-006"
},
{
"db": "NVD",
"id": "CVE-2016-5669"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:crestron:dm-txrx-100-str",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:crestron:dm-txrx-100-str_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004130"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Carsten Eiram of Risk Based Security",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-006"
}
],
"trust": 0.6
},
"cve": "CVE-2016-5669",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5669",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-94488",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5669",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5669",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-5669",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201608-006",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-94488",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94488"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004130"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-006"
},
{
"db": "NVD",
"id": "CVE-2016-5669"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging the certificate\u0027s trust relationship. Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and earlier, has a web management interface which contains multiple vulnerabilities, including authentication bypass, failure to restrict access to authorized users, use of hard-coded certificate, default credentials, and cross-site request forgery (CSRF). These vulnerabilities may be leveraged to gain complete control of affected devices. Supplementary information : CWE Vulnerability type by CWE-321: Use of Hard-coded Cryptographic Key ( Using hard-coded encryption keys ) Has been identified. Crestron Electronics DM-TXRX-100-STR is prone to the following multiple security vulnerabilities:\n1. Multiple authentication-bypass vulnerabilities\n2. Multiple security-bypass vulnerabilities\n3. A cross-site request-forgery vulnerability\nAn attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions , bypass the authentication mechanism and compromise the application; This may aid in further attacks. \nCrestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and prior versions are vulnerable. Crestron Electronics DM-TXRX-100-STR is a stream encoder/decoder product from Crestron Electronics, USA",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5669"
},
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004130"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "VULHUB",
"id": "VHN-94488"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#974424",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2016-5669",
"trust": 2.8
},
{
"db": "BID",
"id": "92211",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU93291811",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004130",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201608-006",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-94488",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "VULHUB",
"id": "VHN-94488"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004130"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-006"
},
{
"db": "NVD",
"id": "CVE-2016-5669"
}
]
},
"id": "VAR-201608-0082",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-94488"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:21:06.929000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DM-TXRX-100-STR",
"trust": 0.8,
"url": "https://www.crestron.com/downloads/pdf/spec_sheets/commercial_and_residential/dm-txrx-100-str.pdf"
},
{
"title": "Resource Library",
"trust": 0.8,
"url": "http://www.crestron.com/resources/resource-library/firmware"
},
{
"title": "Crestron Electronics DM-TXRX-100-STR Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63407"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004130"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-006"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004130"
},
{
"db": "NVD",
"id": "CVE-2016-5669"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/974424"
},
{
"trust": 1.1,
"url": "https://www.crestron.com/downloads/pdf/spec_sheets/commercial_and_residential/dm-txrx-100-str.pdf"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/92211"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/603.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/425.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/321.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.8,
"url": "https://www.crestron.com/resources/resource-library/firmware"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5669"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93291811/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5669"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/bluu-a9cmty"
},
{
"trust": 0.8,
"url": "https://www.censys.io/certificates/51ab293c9fe391eeeb1a2739de15cd8029e3033142962c6c386f2da78d03a945"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "VULHUB",
"id": "VHN-94488"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004130"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-006"
},
{
"db": "NVD",
"id": "CVE-2016-5669"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "VULHUB",
"id": "VHN-94488"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004130"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-006"
},
{
"db": "NVD",
"id": "CVE-2016-5669"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-01T00:00:00",
"db": "CERT/CC",
"id": "VU#974424"
},
{
"date": "2016-08-03T00:00:00",
"db": "VULHUB",
"id": "VHN-94488"
},
{
"date": "2016-08-01T00:00:00",
"db": "BID",
"id": "92211"
},
{
"date": "2016-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004130"
},
{
"date": "2016-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-006"
},
{
"date": "2016-08-03T01:59:07.693000",
"db": "NVD",
"id": "CVE-2016-5669"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-01T00:00:00",
"db": "CERT/CC",
"id": "VU#974424"
},
{
"date": "2016-08-15T00:00:00",
"db": "VULHUB",
"id": "VHN-94488"
},
{
"date": "2016-08-01T00:00:00",
"db": "BID",
"id": "92211"
},
{
"date": "2016-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004130"
},
{
"date": "2016-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-006"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-5669"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-006"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Crestron Electronics DM-TXRX-100-STR web interface contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#974424"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-006"
}
],
"trust": 0.6
}
}
VAR-201608-0080
Vulnerability from variot - Updated: 2025-04-13 23:21
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html. Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and earlier, has a web management interface which contains multiple vulnerabilities, including authentication bypass, failure to restrict access to authorized users, use of hard-coded certificate, default credentials, and cross-site request forgery (CSRF). These vulnerabilities may be leveraged to gain complete control of affected devices. The Crestron Electronics DM-TXRX-100-STR device firmware contains a vulnerability that allows authentication to be bypassed. Supplementary information: the vulnerability type has been identified as CWE-425: Direct Request (forced browsing). Crestron Electronics DM-TXRX-100-STR is prone to the following multiple security vulnerabilities:
1. Multiple authentication-bypass vulnerabilities
2. Multiple security-bypass vulnerabilities
3. A cross-site request-forgery vulnerability
An attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions, bypass the authentication mechanism and compromise the application; this may aid in further attacks. Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and prior versions are vulnerable. Crestron Electronics DM-TXRX-100-STR is a stream encoder/decoder product from Crestron Electronics, USA.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201608-0080",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dm-txrx-100-str",
"scope": "eq",
"trust": 1.6,
"vendor": "crestron",
"version": "1.2866.00026"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "crestron",
"version": null
},
{
"model": "dm-txrx-100-str",
"scope": null,
"trust": 0.8,
"vendor": "crestron",
"version": null
},
{
"model": "dm-txrx-100-str",
"scope": "lt",
"trust": 0.8,
"vendor": "crestron",
"version": "1.3039.00040"
},
{
"model": "electronics dm-txrx-100-str",
"scope": "eq",
"trust": 0.3,
"vendor": "crestron",
"version": "1.2866.00026"
},
{
"model": "electronics dm-txrx-100-str",
"scope": "ne",
"trust": 0.3,
"vendor": "crestron",
"version": "1.3039.00040"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004128"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-004"
},
{
"db": "NVD",
"id": "CVE-2016-5667"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:crestron:dm-txrx-100-str",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:crestron:dm-txrx-100-str_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004128"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Carsten Eiram of Risk Based Security",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-004"
}
],
"trust": 0.6
},
"cve": "CVE-2016-5667",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5667",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-94486",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5667",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5667",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-5667",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201608-004",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-94486",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-5667",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94486"
},
{
"db": "VULMON",
"id": "CVE-2016-5667"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004128"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-004"
},
{
"db": "NVD",
"id": "CVE-2016-5667"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html. Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and earlier, has a web management interface which contains multiple vulnerabilities, including authentication bypass, failure to restrict access to authorized users, use of hard-coded certificate, default credentials, and cross-site request forgery (CSRF). These vulnerabilities may be leveraged to gain complete control of affected devices. Crestron Electronics DM-TXRX-100-STR The device firmware contains a vulnerability that prevents authentication. Supplementary information : CWE Vulnerability type by CWE-425: Direct Request ( Force viewing ) Has been identified. Crestron Electronics DM-TXRX-100-STR is prone to the following multiple security vulnerabilities:\n1. Multiple authentication-bypass vulnerabilities\n2. Multiple security-bypass vulnerabilities\n3. A cross-site request-forgery vulnerability\nAn attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions , bypass the authentication mechanism and compromise the application; This may aid in further attacks. \nCrestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and prior versions are vulnerable. Crestron Electronics DM-TXRX-100-STR is a stream encoder/decoder product from Crestron Electronics, USA",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5667"
},
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004128"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "VULHUB",
"id": "VHN-94486"
},
{
"db": "VULMON",
"id": "CVE-2016-5667"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#974424",
"trust": 3.7
},
{
"db": "NVD",
"id": "CVE-2016-5667",
"trust": 2.9
},
{
"db": "BID",
"id": "92211",
"trust": 1.5
},
{
"db": "JVN",
"id": "JVNVU93291811",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004128",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201608-004",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-94486",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-5667",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "VULHUB",
"id": "VHN-94486"
},
{
"db": "VULMON",
"id": "CVE-2016-5667"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004128"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-004"
},
{
"db": "NVD",
"id": "CVE-2016-5667"
}
]
},
"id": "VAR-201608-0080",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-94486"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:21:06.892000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DM-TXRX-100-STR",
"trust": 0.8,
"url": "https://www.crestron.com/downloads/pdf/spec_sheets/commercial_and_residential/dm-txrx-100-str.pdf"
},
{
"title": "Resource Library",
"trust": 0.8,
"url": "http://www.crestron.com/resources/resource-library/firmware"
},
{
"title": "Crestron Electronics DM-TXRX-100-STR Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63405"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004128"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-004"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004128"
},
{
"db": "NVD",
"id": "CVE-2016-5667"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.kb.cert.org/vuls/id/974424"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/92211"
},
{
"trust": 1.1,
"url": "https://www.crestron.com/downloads/pdf/spec_sheets/commercial_and_residential/dm-txrx-100-str.pdf"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/603.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/425.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/321.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.8,
"url": "https://www.crestron.com/resources/resource-library/firmware"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5667"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93291811/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5667"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/bluu-a9cmty"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "VULHUB",
"id": "VHN-94486"
},
{
"db": "VULMON",
"id": "CVE-2016-5667"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004128"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-004"
},
{
"db": "NVD",
"id": "CVE-2016-5667"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "VULHUB",
"id": "VHN-94486"
},
{
"db": "VULMON",
"id": "CVE-2016-5667"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004128"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-004"
},
{
"db": "NVD",
"id": "CVE-2016-5667"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-01T00:00:00",
"db": "CERT/CC",
"id": "VU#974424"
},
{
"date": "2016-08-03T00:00:00",
"db": "VULHUB",
"id": "VHN-94486"
},
{
"date": "2016-08-03T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5667"
},
{
"date": "2016-08-01T00:00:00",
"db": "BID",
"id": "92211"
},
{
"date": "2016-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004128"
},
{
"date": "2016-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-004"
},
{
"date": "2016-08-03T01:59:05.147000",
"db": "NVD",
"id": "CVE-2016-5667"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-01T00:00:00",
"db": "CERT/CC",
"id": "VU#974424"
},
{
"date": "2016-08-15T00:00:00",
"db": "VULHUB",
"id": "VHN-94486"
},
{
"date": "2016-08-15T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5667"
},
{
"date": "2016-08-01T00:00:00",
"db": "BID",
"id": "92211"
},
{
"date": "2016-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004128"
},
{
"date": "2016-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-004"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-5667"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-004"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Crestron Electronics DM-TXRX-100-STR web interface contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#974424"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-004"
}
],
"trust": 0.6
}
}
VAR-201608-0079
Vulnerability from variot - Updated: 2025-04-13 23:21
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objresp.authenabled to 1. Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and earlier, has a web management interface which contains multiple vulnerabilities, including authentication bypass, failure to restrict access to authorized users, use of hard-coded certificate, default credentials, and cross-site request forgery (CSRF). These vulnerabilities may be leveraged to gain complete control of affected devices. Supplementary information: the vulnerability type has been identified as CWE-603: Use of Client-Side Authentication (http://cwe.mitre.org/data/definitions/603.html). A third party may obtain access rights by setting the value of objresp.authenabled to 1. Crestron Electronics DM-TXRX-100-STR is prone to the following multiple security vulnerabilities:
1. Multiple authentication-bypass vulnerabilities
2. Multiple security-bypass vulnerabilities
3. A cross-site request-forgery vulnerability
An attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions, bypass the authentication mechanism and compromise the application; this may aid in further attacks. Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and prior versions are vulnerable. Crestron Electronics DM-TXRX-100-STR is a stream encoder/decoder product from Crestron Electronics, USA.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201608-0079",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dm-txrx-100-str",
"scope": "eq",
"trust": 1.6,
"vendor": "crestron",
"version": "1.2866.00026"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "crestron",
"version": null
},
{
"model": "dm-txrx-100-str",
"scope": null,
"trust": 0.8,
"vendor": "crestron",
"version": null
},
{
"model": "dm-txrx-100-str",
"scope": "lt",
"trust": 0.8,
"vendor": "crestron",
"version": "1.3039.00040"
},
{
"model": "electronics dm-txrx-100-str",
"scope": "eq",
"trust": 0.3,
"vendor": "crestron",
"version": "1.2866.00026"
},
{
"model": "electronics dm-txrx-100-str",
"scope": "ne",
"trust": 0.3,
"vendor": "crestron",
"version": "1.3039.00040"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004127"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-003"
},
{
"db": "NVD",
"id": "CVE-2016-5666"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:crestron:dm-txrx-100-str",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:crestron:dm-txrx-100-str_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004127"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Carsten Eiram of Risk Based Security",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-003"
}
],
"trust": 0.6
},
"cve": "CVE-2016-5666",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5666",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-94485",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5666",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5666",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-5666",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201608-003",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-94485",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94485"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004127"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-003"
},
{
"db": "NVD",
"id": "CVE-2016-5666"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objresp.authenabled to 1. Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and earlier, has a web management interface which contains multiple vulnerabilities, including authentication bypass, failure to restrict access to authorized users, use of hard-coded certificate, default credentials, and cross-site request forgery (CSRF). These vulnerabilities may be leveraged to gain complete control of affected devices. Supplementary information: the vulnerability type has been identified as CWE-603: Use of Client-Side Authentication (http://cwe.mitre.org/data/definitions/603.html). A third party may obtain access rights by setting the value of objresp.authenabled to 1. Crestron Electronics DM-TXRX-100-STR is prone to the following multiple security vulnerabilities:\n1. Multiple authentication-bypass vulnerabilities\n2. Multiple security-bypass vulnerabilities\n3. A cross-site request-forgery vulnerability\nAn attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions, bypass the authentication mechanism and compromise the application; this may aid in further attacks. \nCrestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and prior versions are vulnerable. Crestron Electronics DM-TXRX-100-STR is a stream encoder/decoder product from Crestron Electronics, USA",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5666"
},
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004127"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "VULHUB",
"id": "VHN-94485"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#974424",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2016-5666",
"trust": 2.8
},
{
"db": "BID",
"id": "92211",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU93291811",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004127",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201608-003",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-94485",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "VULHUB",
"id": "VHN-94485"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004127"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-003"
},
{
"db": "NVD",
"id": "CVE-2016-5666"
}
]
},
"id": "VAR-201608-0079",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-94485"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:21:06.859000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DM-TXRX-100-STR",
"trust": 0.8,
"url": "https://www.crestron.com/downloads/pdf/spec_sheets/commercial_and_residential/dm-txrx-100-str.pdf"
},
{
"title": "Resource Library",
"trust": 0.8,
"url": "http://www.crestron.com/resources/resource-library/firmware"
},
{
"title": "Crestron Electronics DM-TXRX-100-STR Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63404"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004127"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-003"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004127"
},
{
"db": "NVD",
"id": "CVE-2016-5666"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/974424"
},
{
"trust": 1.1,
"url": "https://www.crestron.com/downloads/pdf/spec_sheets/commercial_and_residential/dm-txrx-100-str.pdf"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/92211"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/603.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/425.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/321.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.8,
"url": "https://www.crestron.com/resources/resource-library/firmware"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5666"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93291811/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5666"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/bluu-a9cmty"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "VULHUB",
"id": "VHN-94485"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004127"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-003"
},
{
"db": "NVD",
"id": "CVE-2016-5666"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "VULHUB",
"id": "VHN-94485"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004127"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-003"
},
{
"db": "NVD",
"id": "CVE-2016-5666"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-01T00:00:00",
"db": "CERT/CC",
"id": "VU#974424"
},
{
"date": "2016-08-03T00:00:00",
"db": "VULHUB",
"id": "VHN-94485"
},
{
"date": "2016-08-01T00:00:00",
"db": "BID",
"id": "92211"
},
{
"date": "2016-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004127"
},
{
"date": "2016-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-003"
},
{
"date": "2016-08-03T01:59:03.740000",
"db": "NVD",
"id": "CVE-2016-5666"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-01T00:00:00",
"db": "CERT/CC",
"id": "VU#974424"
},
{
"date": "2016-08-15T00:00:00",
"db": "VULHUB",
"id": "VHN-94485"
},
{
"date": "2016-08-01T00:00:00",
"db": "BID",
"id": "92211"
},
{
"date": "2016-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004127"
},
{
"date": "2016-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-003"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-5666"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-003"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Crestron Electronics DM-TXRX-100-STR web interface contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#974424"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-003"
}
],
"trust": 0.6
}
}
VAR-201608-0084
Vulnerability from variot - Updated: 2025-04-13 23:21
Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of arbitrary users. These vulnerabilities may be leveraged to gain complete control of affected devices. Crestron Electronics DM-TXRX-100-STR is prone to the following multiple security vulnerabilities: 1. Multiple authentication-bypass vulnerabilities 2. Multiple security-bypass vulnerabilities 3. A cross-site request-forgery vulnerability. An attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions, bypass the authentication mechanism and compromise the application; this may aid in further attacks. Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and prior versions are vulnerable. Crestron Electronics DM-TXRX-100-STR is a stream encoder/decoder product from Crestron Electronics, USA. A remote attacker could exploit this vulnerability to perform unauthorized operations.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201608-0084",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dm-txrx-100-str",
"scope": "lte",
"trust": 1.0,
"vendor": "crestron",
"version": "1.2866.00026"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "crestron",
"version": null
},
{
"model": "dm-txrx-100-str",
"scope": null,
"trust": 0.8,
"vendor": "crestron",
"version": null
},
{
"model": "dm-txrx-100-str",
"scope": "lte",
"trust": 0.8,
"vendor": "crestron",
"version": "1.3039.00040"
},
{
"model": "dm-txrx-100-str",
"scope": "eq",
"trust": 0.6,
"vendor": "crestron",
"version": "1.2866.00026"
},
{
"model": "electronics dm-txrx-100-str",
"scope": "eq",
"trust": 0.3,
"vendor": "crestron",
"version": "1.2866.00026"
},
{
"model": "electronics dm-txrx-100-str",
"scope": "ne",
"trust": 0.3,
"vendor": "crestron",
"version": "1.3039.00040"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004135"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-008"
},
{
"db": "NVD",
"id": "CVE-2016-5671"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:crestron:dm-txrx-100-str",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:crestron:dm-txrx-100-str_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004135"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Carsten Eiram of Risk Based Security",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-008"
}
],
"trust": 0.6
},
"cve": "CVE-2016-5671",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-5671",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-94490",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-5671",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5671",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-5671",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201608-008",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-94490",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94490"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004135"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-008"
},
{
"db": "NVD",
"id": "CVE-2016-5671"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of arbitrary users. These vulnerabilities may be leveraged to gain complete control of affected devices. Crestron Electronics DM-TXRX-100-STR is prone to the following multiple security vulnerabilities:\n1. Multiple authentication-bypass vulnerabilities\n2. Multiple security-bypass vulnerabilities\n3. A cross-site request-forgery vulnerability\nAn attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions , bypass the authentication mechanism and compromise the application; This may aid in further attacks. \nCrestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and prior versions are vulnerable. Crestron Electronics DM-TXRX-100-STR is a stream encoder/decoder product from Crestron Electronics, USA. A remote attacker could exploit this vulnerability to perform unauthorized operations",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5671"
},
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004135"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "VULHUB",
"id": "VHN-94490"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#974424",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2016-5671",
"trust": 2.8
},
{
"db": "BID",
"id": "92211",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU93291811",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004135",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201608-008",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-94490",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "VULHUB",
"id": "VHN-94490"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004135"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-008"
},
{
"db": "NVD",
"id": "CVE-2016-5671"
}
]
},
"id": "VAR-201608-0084",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-94490"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:21:06.826000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DM-TXRX-100-STR",
"trust": 0.8,
"url": "https://www.crestron.com/downloads/pdf/spec_sheets/commercial_and_residential/dm-txrx-100-str.pdf"
},
{
"title": "Resource Library",
"trust": 0.8,
"url": "http://www.crestron.com/resources/resource-library/firmware"
},
{
"title": "Crestron Electronics DM-TXRX-100-STR Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63409"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004135"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-008"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94490"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004135"
},
{
"db": "NVD",
"id": "CVE-2016-5671"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/974424"
},
{
"trust": 1.1,
"url": "https://www.crestron.com/downloads/pdf/spec_sheets/commercial_and_residential/dm-txrx-100-str.pdf"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/92211"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/603.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/425.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/321.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.8,
"url": "https://www.crestron.com/resources/resource-library/firmware"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5671"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93291811/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5671"
},
{
"trust": 0.8,
"url": "http://www.kb.cert.org/vuls/id/bluu-a9cmty"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "VULHUB",
"id": "VHN-94490"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004135"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-008"
},
{
"db": "NVD",
"id": "CVE-2016-5671"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#974424"
},
{
"db": "VULHUB",
"id": "VHN-94490"
},
{
"db": "BID",
"id": "92211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004135"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-008"
},
{
"db": "NVD",
"id": "CVE-2016-5671"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-01T00:00:00",
"db": "CERT/CC",
"id": "VU#974424"
},
{
"date": "2016-08-03T00:00:00",
"db": "VULHUB",
"id": "VHN-94490"
},
{
"date": "2016-08-01T00:00:00",
"db": "BID",
"id": "92211"
},
{
"date": "2016-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004135"
},
{
"date": "2016-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-008"
},
{
"date": "2016-08-03T01:59:10.117000",
"db": "NVD",
"id": "CVE-2016-5671"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-01T00:00:00",
"db": "CERT/CC",
"id": "VU#974424"
},
{
"date": "2016-08-16T00:00:00",
"db": "VULHUB",
"id": "VHN-94490"
},
{
"date": "2016-08-01T00:00:00",
"db": "BID",
"id": "92211"
},
{
"date": "2016-08-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004135"
},
{
"date": "2016-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-008"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-5671"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-008"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Crestron Electronics DM-TXRX-100-STR web interface contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#974424"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-008"
}
],
"trust": 0.6
}
}