    84 vulnerabilities by CRESTRON

    VAR-201806-1058

    Vulnerability from variot - Updated: 2026-04-10 23:52

    Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP). Multiple Crestron devices contain a code injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MAKEDIR command of the CTP console. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker could leverage this vulnerability to execute code with root privileges. Crestron TSW-1060 and others are touch screen devices of Crestron Electronics of the United States. There are security vulnerabilities in several Crestron products.


    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "tsw-760",
            "scope": null,
            "trust": 9.8,
            "vendor": "crestron",
            "version": null
          },
          {
            "_id": null,
            "model": "toolbox protocol",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "crestron",
            "version": "2.001.0037.001"
          },
          {
            "_id": null,
            "model": "toolbox protocol",
            "scope": null,
            "trust": 0.8,
            "vendor": "crestron",
            "version": null
          },
          {
            "_id": null,
            "model": "tsw-1060",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "crestron",
            "version": "2.001.0037.001"
          },
          {
            "_id": null,
            "model": "tsw-760",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "crestron",
            "version": "2.001.0037.001"
          },
          {
            "_id": null,
            "model": "tsw-560",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "crestron",
            "version": "2.001.0037.001"
          },
          {
            "_id": null,
            "model": "tsw-1060-nc",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "crestron",
            "version": "2.001.0037.001"
          },
          {
            "_id": null,
            "model": "tsw-760-nc",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "crestron",
            "version": "2.001.0037.001"
          },
          {
            "_id": null,
            "model": "tsw-560-nc",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "crestron",
            "version": "2.001.0037.001"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-935"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-926"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1080"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-931"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-924"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-938"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-916"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-929"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-927"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-928"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-921"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-922"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-923"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-937"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12159"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006297"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-11228"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:crestron:crestron_toolbox_protocol_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006297"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Ricky \"HeadlessZeke\" Lawshae",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-935"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-926"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1080"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-931"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-924"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-938"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-916"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-929"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-927"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-928"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-921"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-922"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-923"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-937"
          }
        ],
        "trust": 9.8
      },
      "cve": "CVE-2018-11228",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-11228",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 9.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-11228",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.5,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2018-11228",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-12159",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-11228",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "ZDI",
                "id": "CVE-2018-11228",
                "trust": 9.8,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-11228",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-11228",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-12159",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201806-670",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-11228",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-935"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-926"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1080"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-931"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-924"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-938"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-916"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-929"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-927"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-928"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-921"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-922"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-923"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-937"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12159"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-11228"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-670"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006297"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-11228"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP). plural Crestron Device and code injection vulnerabilities exist.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron\u0027s Android-based products. Authentication is not required to exploit this vulnerability.The specific flaw exists within the MAKEDIR command of the CTP console. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker could leverage this vulnerability to execute code with root privileges. CrestronTSW-1060 and other are touch screen devices of Crestron Electronics of the United States. There are security vulnerabilities in several Crestron products",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-11228"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006297"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-927"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-937"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-923"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-922"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-921"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-926"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-935"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-929"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-916"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-938"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-924"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-931"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1080"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-928"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12159"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-11228"
          }
        ],
        "trust": 11.07
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-11228",
            "trust": 12.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-221-01",
            "trust": 1.9
          },
          {
            "db": "BID",
            "id": "105051",
            "trust": 1.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006297",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6176",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-935",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6167",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-926",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6274",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1080",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6172",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-931",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6165",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-924",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6189",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-938",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6156",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-916",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6170",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-929",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6168",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-927",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6169",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-928",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6161",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-921",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6163",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-922",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6164",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-923",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6178",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-937",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12159",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-670",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-11228",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-935"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-926"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1080"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-931"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-924"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-938"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-916"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-929"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-927"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-928"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-921"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-922"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-923"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-937"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12159"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-11228"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-670"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006297"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-11228"
          }
        ]
      },
      "id": "VAR-201806-1058",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12159"
          }
        ],
        "trust": 1.35
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12159"
          }
        ]
      },
      "last_update_date": "2026-04-10T23:52:22.797000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Crestron has issued an update to correct this vulnerability.",
            "trust": 9.8,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01"
          },
          {
            "title": "CVE-2018-11228: OS COMMAND INJECTION",
            "trust": 0.8,
            "url": "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet"
          },
          {
            "title": "Patches for multiple Crestron product code execution vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/132893"
          },
          {
            "title": "Multiple Crestron Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80850"
          },
          {
            "title": "crestron_getsudopwd",
            "trust": 0.1,
            "url": "https://github.com/axcheron/crestron_getsudopwd "
          },
          {
            "title": "CVE-2018-13341",
            "trust": 0.1,
            "url": "https://github.com/Rajchowdhury420/CVE-2018-13341 "
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-935"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-926"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1080"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-931"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-924"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-938"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-916"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-929"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-927"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-928"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-921"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-922"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-923"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-937"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12159"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-11228"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-670"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006297"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-94",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006297"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-11228"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 11.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-221-01"
          },
          {
            "trust": 1.7,
            "url": "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11228"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/105051"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11228"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/94.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/axcheron/crestron_getsudopwd"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-935"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-926"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1080"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-931"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-924"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-938"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-916"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-929"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-927"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-928"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-921"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-922"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-923"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-937"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12159"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-11228"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-670"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006297"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-11228"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-18-935",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-926",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1080",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-931",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-924",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-938",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-916",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-929",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-927",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-928",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-921",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-922",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-923",
            "ident": null
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-937",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12159",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-11228",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-670",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006297",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2018-11228",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-935",
            "ident": null
          },
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-926",
            "ident": null
          },
          {
            "date": "2018-09-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1080",
            "ident": null
          },
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-931",
            "ident": null
          },
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-924",
            "ident": null
          },
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-938",
            "ident": null
          },
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-916",
            "ident": null
          },
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-929",
            "ident": null
          },
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-927",
            "ident": null
          },
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-928",
            "ident": null
          },
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-921",
            "ident": null
          },
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-922",
            "ident": null
          },
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-923",
            "ident": null
          },
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-937",
            "ident": null
          },
          {
            "date": "2018-06-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12159",
            "ident": null
          },
          {
            "date": "2018-06-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-11228",
            "ident": null
          },
          {
            "date": "2018-06-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201806-670",
            "ident": null
          },
          {
            "date": "2018-08-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-006297",
            "ident": null
          },
          {
            "date": "2018-06-08T01:29:00.950000",
            "db": "NVD",
            "id": "CVE-2018-11228",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-935",
            "ident": null
          },
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-926",
            "ident": null
          },
          {
            "date": "2018-09-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1080",
            "ident": null
          },
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-931",
            "ident": null
          },
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-924",
            "ident": null
          },
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-938",
            "ident": null
          },
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-916",
            "ident": null
          },
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-929",
            "ident": null
          },
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-927",
            "ident": null
          },
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-928",
            "ident": null
          },
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-921",
            "ident": null
          },
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-922",
            "ident": null
          },
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-923",
            "ident": null
          },
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-937",
            "ident": null
          },
          {
            "date": "2018-06-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12159",
            "ident": null
          },
          {
            "date": "2019-05-02T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-11228",
            "ident": null
          },
          {
            "date": "2018-06-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201806-670",
            "ident": null
          },
          {
            "date": "2018-08-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-006297",
            "ident": null
          },
          {
            "date": "2024-11-21T03:42:56.903000",
            "db": "NVD",
            "id": "CVE-2018-11228",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-670"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Code injection vulnerability in multiple Crestron devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006297"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "code injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-670"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201904-0320

    Vulnerability from variot - Updated: 2025-11-18 15:18

    The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root. A command injection vulnerability exists in the firmware of products such as the Crestron AM-100. Information may be obtained or altered, and service operation may be disrupted (DoS). A command injection vulnerability exists in several routers. This vulnerability stems from the fact that the network system or product does not correctly filter special elements when constructing executable commands from external input data. The affected_products data in this record lists Crestron AM-101 firmware as 2.7.0.2 in one entry and 2.7.0.1 in another, so check both when matching versions.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0320",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wepresent wipg-1000p",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "barco",
            "version": "2.3.0.10"
          },
          {
            "model": "wepresent wipg-1600w",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "barco",
            "version": "2.4.1.19"
          },
          {
            "model": "sharelink 200",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "extron",
            "version": "2.0.3.4"
          },
          {
            "model": "sharelink 250",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "extron",
            "version": "2.0.3.4"
          },
          {
            "model": "liteshow3",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "infocus",
            "version": "1.0.16"
          },
          {
            "model": "liteshow4",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "infocus",
            "version": "2.0.0.7"
          },
          {
            "model": "wps-pro",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "optoma",
            "version": "1.0.0.5"
          },
          {
            "model": "pn-l703wa",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "sharp",
            "version": "1.4.2.3"
          },
          {
            "model": "hd wireless presentation system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "blackbox",
            "version": "1.0.0.5"
          },
          {
            "model": "wips710",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "teqavit",
            "version": "1.1.0.7"
          },
          {
            "model": "am-100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "crestron",
            "version": "1.6.0.2"
          },
          {
            "model": "am-101",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "crestron",
            "version": "2.7.0.2"
          },
          {
            "model": "hd wireless presentation system",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "black box network services",
            "version": "1.0.0.5"
          },
          {
            "model": "airmedia am-100",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "crestron",
            "version": "1.6.0.2"
          },
          {
            "model": "airmedia am-101",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "crestron",
            "version": "2.7.0.1"
          },
          {
            "model": "wips710",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "teq avit",
            "version": "1.1.0.7"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004073"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3929"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:barco:wepresent_wipg-1000p_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:barco:wepresent_wipg-1600w_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:blackbox:hd_wireless_presentation_system_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:crestron:airmedia_am-100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:crestron:airmedia_am-101_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:extron:sharelink_200_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:extron:sharelink_250_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:infocus:liteshow3_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:infocus:liteshow4_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:optoma:wps-pro_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:teqavit:wips710_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:sharp:pn-l703wa_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004073"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jacob Baines",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1386"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-3929",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-3929",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-155364",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-3929",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-3929",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-3929",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2019-3929",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-3929",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201904-1386",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-155364",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-3929",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155364"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3929"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1386"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004073"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3929"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3929"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root. A command injection vulnerability exists in the firmware of products such as the Crestron AM-100. Information may be obtained or altered, and service operation may be disrupted (DoS). A command injection vulnerability exists in several routers. This vulnerability stems from the fact that the network system or product does not correctly filter special elements when constructing executable commands from external input data.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-3929"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004073"
          },
          {
            "db": "VULHUB",
            "id": "VHN-155364"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3929"
          }
        ],
        "trust": 1.8
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-155364",
            "trust": 0.1,
            "type": "unknown"
          },
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=46786",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155364"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3929"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-3929",
            "trust": 2.6
          },
          {
            "db": "TENABLE",
            "id": "TRA-2019-20",
            "trust": 2.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "46786",
            "trust": 1.8
          },
          {
            "db": "PACKETSTORM",
            "id": "155948",
            "trust": 1.8
          },
          {
            "db": "PACKETSTORM",
            "id": "152715",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004073",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1386",
            "trust": 0.7
          },
          {
            "db": "EXPLOIT-DB",
            "id": "47924",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-155364",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3929",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155364"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3929"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1386"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004073"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3929"
          }
        ]
      },
      "id": "VAR-201904-0320",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155364"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-11-18T15:18:01.893000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "wePresent WiPG-1000",
            "trust": 0.8,
            "url": "https://www.barco.com/en/product/wepresent-wipg-1000"
          },
          {
            "title": "wePresent WiPG-1600W",
            "trust": 0.8,
            "url": "https://www.barco.com/en/product/wepresent-wipg-1600w"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.blackbox.com/en-us"
          },
          {
            "title": "AM-100",
            "trust": 0.8,
            "url": "https://www.crestron.com/en-US/Products/Workspace-Solutions/Wireless-Presentation-Solutions/AirMedia-Presentation-Gateways/AM-100"
          },
          {
            "title": "AM-101",
            "trust": 0.8,
            "url": "https://www.crestron.com/en-US/Products/Workspace-Solutions/Wireless-Presentation-Solutions/AirMedia-Presentation-Gateways/AM-101"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.extron.com/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.infocus.com/"
          },
          {
            "title": "WPS Pro",
            "trust": 0.8,
            "url": "https://www.optoma.com/us/product/wps-pro/"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.teq-avit.com/"
          },
          {
            "title": "PN-L703WA",
            "trust": 0.8,
            "url": "https://jp.sharp/business/bigpad/lineup/pnl703wa/"
          },
          {
            "title": "CVE-2019-3929",
            "trust": 0.1,
            "url": "https://github.com/xfox64x/CVE-2019-3929 "
          },
          {
            "title": "PoC-in-GitHub",
            "trust": 0.1,
            "url": "https://github.com/developer3000S/PoC-in-GitHub "
          },
          {
            "title": "CVE-POC",
            "trust": 0.1,
            "url": "https://github.com/0xT11/CVE-POC "
          },
          {
            "title": "PoC-in-GitHub",
            "trust": 0.1,
            "url": "https://github.com/hectorgie/PoC-in-GitHub "
          },
          {
            "title": "PoC-in-GitHub",
            "trust": 0.1,
            "url": "https://github.com/nomi-sec/PoC-in-GitHub "
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/bugs-wireless-presentation-systems/144318/"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-3929"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004073"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-79",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-77",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155364"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004073"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3929"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "http://packetstormsecurity.com/files/152715/barco-awind-oem-presentation-platform-unauthenticated-remote-command-injection.html"
          },
          {
            "trust": 2.6,
            "url": "https://www.tenable.com/security/research/tra-2019-20"
          },
          {
            "trust": 1.8,
            "url": "https://www.exploit-db.com/exploits/46786/"
          },
          {
            "trust": 1.8,
            "url": "http://packetstormsecurity.com/files/155948/barco-wepresent-file_transfer.cgi-command-injection.html"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3929"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2019-3929"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3929"
          },
          {
            "trust": 0.7,
            "url": "https://www.exploit-db.com/exploits/46786"
          },
          {
            "trust": 0.6,
            "url": "https://www.exploit-db.com/exploits/47924"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/155948/barco-wepresent-file/transfer.cgi-command-injection.html"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/xfox64x/cve-2019-3929"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155364"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3929"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1386"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004073"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3929"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-155364"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3929"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1386"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004073"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3929"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-155364"
          },
          {
            "date": "2019-04-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-3929"
          },
          {
            "date": "2019-04-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-1386"
          },
          {
            "date": "2019-05-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-004073"
          },
          {
            "date": "2019-04-30T21:29:00.713000",
            "db": "NVD",
            "id": "CVE-2019-3929"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-155364"
          },
          {
            "date": "2020-10-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-3929"
          },
          {
            "date": "2020-10-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-1386"
          },
          {
            "date": "2019-05-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-004073"
          },
          {
            "date": "2025-11-03T18:59:33.857000",
            "db": "NVD",
            "id": "CVE-2019-3929"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1386"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Command injection vulnerability in products such as Crestron AM-100 firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004073"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1386"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201608-0066

    Vulnerability from variot - Updated: 2025-04-13 23:22

    Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter. The Crestron AirMedia AM-100 with firmware prior to version 1.4.0.13 is vulnerable to path traversal and command injection. Crestron AirMedia AM-100 is a gateway product from Crestron Electronics of the United States. Crestron AirMedia AM-100 is prone to a directory-traversal vulnerability and a command-injection vulnerability because it fails to sufficiently sanitize user-supplied input. Crestron AirMedia AM-100 devices running firmware versions 1.1.1.11 through 1.2.1 are vulnerable. (This entry aggregates text from several source advisories, which is why two different affected-version ranges appear.)

    =================================================================

    Crestron AM-100 (Multiple Vulnerabilities)

    =================================================================

    Date: 2016-08-01

    Exploit Author: Zach Lanier

    Vendor Homepage: https://www.crestron.com/products/model/am-100

    Version: v1.1.1.11 - v1.2.1

    CVE: CVE-2016-5639

    References:

    https://medium.com/@benichmt1/an-unwanted-wireless-guest-9433383b1673#.78tu9divi

    https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2016-05-001.md

    Description: The Crestron AirMedia AM-100 with firmware versions v1.1.1.11 - v1.2.1 is vulnerable to multiple issues.

    1) Path Traversal

    GET request: http://[AM-100-ADDRESS]/cgi-bin/login.cgi?lang=en&src=../../../../../../../../../../../../../../../../../../../../etc/shadow

    2) Hidden Management Console

    http://[AM-100-ADDRESS]/cgi-bin/login_rdtool.cgi

    The AM-100 has a hardcoded default credential of rdtool::mistral5885. This interface contains the ability to upload arbitrary files (RD upload) and can enable a telnet server that runs on port 5885 (RD Debug mode).

    3) Hardcoded credentials

    The default root password for these devices is root::awind5885. Valid login sessions for the default (non-debugging) management interface are stored on the filesystem as session01, session02, etc. Cleartext credentials can be read directly from these files.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201608-0066",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "airmedia am-100",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "crestron",
            "version": "1.4.0.12"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "crestron",
            "version": null
          },
          {
            "model": "airmedia am-100",
            "scope": null,
            "trust": 0.8,
            "vendor": "crestron",
            "version": null
          },
          {
            "model": "airmedia am-100",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "crestron",
            "version": "1.4.0.13"
          },
          {
            "model": "electronics crestron airmedia am-100",
            "scope": "gte",
            "trust": 0.6,
            "vendor": "crestron",
            "version": "1.1.1.11,\u003c=1.2.1"
          },
          {
            "model": "airmedia am-100",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "crestron",
            "version": "1.4.0.12"
          },
          {
            "model": "electronics airmedia am-100",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "crestron",
            "version": "1.2.1"
          },
          {
            "model": "electronics airmedia am-100",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "crestron",
            "version": "1.2"
          },
          {
            "model": "electronics airmedia am-100",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "crestron",
            "version": "1.1.1.11"
          },
          {
            "model": "electronics airmedia am-100",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "crestron",
            "version": "1.4.0.13"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#603047"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-06112"
          },
          {
            "db": "BID",
            "id": "92216"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004125"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-001"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5639"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:crestron:airmedia_am-100",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:crestron:airmedia_am-100_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004125"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Zach Lanier of Cylance, Inc.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-001"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2016-5639",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-5639",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2016-06112",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-94458",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-5639",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-5639",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-5639",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-06112",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201608-001",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-94458",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-06112"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94458"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004125"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-001"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5639"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter. The Crestron AirMedia AM-100 with firmware prior to version 1.4.0.13 is vulnerable to path traversal and command injection. CrestronAirMediaAM-100 is a gateway product from Crestron Electronics of the United States. Crestron AirMedia AM-100 is prone to a directory-traversal vulnerability and a command-injection vulnerability because it fails to sufficiently sanitize user-supplied input. \nCrestron AirMedia AM-100 running firmware versions 1.1.1.11 through 1.2.1 are vulnerable. =================================================================\n# Crestron AM-100 (Multiple Vulnerabilities)\n=================================================================\n# Date: 2016-08-01\n# Exploit Author: Zach Lanier\n# Vendor Homepage: https://www.crestron.com/products/model/am-100\n# Version: v1.1.1.11 - v1.2.1\n# CVE: CVE-2016-5639 \n# References: \n#   https://medium.com/@benichmt1/an-unwanted-wireless-guest-9433383b1673#.78tu9divi\n#   https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2016-05-001.md\n \nDescription:\nThe Crestron AirMedia AM-100 with firmware versions v1.1.1.11 - v1.2.1 is vulnerable to multiple issues. \n \n1) Path Traversal\n \nGET request: \nhttp://[AM-100-ADDRESS]/cgi-bin/login.cgi?lang=en\u0026src=../../../../../../../../../../../../../../../../../../../../etc/shadow\n \n2) Hidden Management Console\n \nhttp://[AM-100-ADDRESS]/cgi-bin/login_rdtool.cgi\nThe AM-100 has a hardcoded default credential of rdtool::mistral5885\nThis interface contains the ability to upload arbitrary files (RD upload) and can enable a telnet server that runs on port 5885 (RD Debug mode). 
\n \n3) Hardcoded credentials\n \nThe default root password for these devices is root::awind5885\nValid login sessions for the default (non-debugging) management interface are stored on the filesystem as session01, session02.. etc. Cleartext credentials can be read directly from these files",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-5639"
          },
          {
            "db": "CERT/CC",
            "id": "VU#603047"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004125"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-06112"
          },
          {
            "db": "BID",
            "id": "92216"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94458"
          },
          {
            "db": "PACKETSTORM",
            "id": "139867"
          }
        ],
        "trust": 3.33
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-94458",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94458"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#603047",
            "trust": 3.6
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5639",
            "trust": 3.5
          },
          {
            "db": "BID",
            "id": "92216",
            "trust": 2.0
          },
          {
            "db": "EXPLOIT-DB",
            "id": "40813",
            "trust": 1.1
          },
          {
            "db": "JVN",
            "id": "JVNVU97169528",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004125",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-001",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-06112",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "139867",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-94458",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#603047"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-06112"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94458"
          },
          {
            "db": "BID",
            "id": "92216"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004125"
          },
          {
            "db": "PACKETSTORM",
            "id": "139867"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-001"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5639"
          }
        ]
      },
      "id": "VAR-201608-0066",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-06112"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94458"
          }
        ],
        "trust": 1.4125
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-06112"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:22:20.702000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AirMedia Presentation Gateway AM-100",
            "trust": 0.8,
            "url": "http://www.crestron.com/products/model/AM-100"
          },
          {
            "title": "Crestron AirMedia AM-100 cgi-bin/login.cgi directory traversal vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/80180"
          },
          {
            "title": "Crestron AirMedia AM-100 Fixes for directory traversal vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63402"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-06112"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004125"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-001"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94458"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004125"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5639"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 4.0,
            "url": "https://github.com/cylancevulnresearch/disclosures/blob/master/clva-2016-05-001.md"
          },
          {
            "trust": 2.8,
            "url": "http://www.kb.cert.org/vuls/id/603047"
          },
          {
            "trust": 1.2,
            "url": "http://www.crestron.com/products/model/am-100"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/92216"
          },
          {
            "trust": 1.1,
            "url": "https://www.exploit-db.com/exploits/40813/"
          },
          {
            "trust": 0.8,
            "url": "https://github.com/cylancevulnresearch/disclosures/blob/master/clva-2016-05-002.md"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/22.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/77.html"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5639"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu97169528/"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5639"
          },
          {
            "trust": 0.1,
            "url": "http://[am-100-address]/cgi-bin/login_rdtool.cgi"
          },
          {
            "trust": 0.1,
            "url": "https://medium.com/@benichmt1/an-unwanted-wireless-guest-9433383b1673#.78tu9divi"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5639"
          },
          {
            "trust": 0.1,
            "url": "http://[am-100-address]/cgi-bin/login.cgi?lang=en\u0026src=../../../../../../../../../../../../../../../../../../../../etc/shadow"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#603047"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-06112"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94458"
          },
          {
            "db": "BID",
            "id": "92216"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004125"
          },
          {
            "db": "PACKETSTORM",
            "id": "139867"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-001"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5639"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#603047"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-06112"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94458"
          },
          {
            "db": "BID",
            "id": "92216"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004125"
          },
          {
            "db": "PACKETSTORM",
            "id": "139867"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-001"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5639"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-08-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#603047"
          },
          {
            "date": "2016-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-06112"
          },
          {
            "date": "2016-08-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94458"
          },
          {
            "date": "2016-08-01T00:00:00",
            "db": "BID",
            "id": "92216"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-004125"
          },
          {
            "date": "2016-11-23T00:10:33",
            "db": "PACKETSTORM",
            "id": "139867"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201608-001"
          },
          {
            "date": "2016-08-03T01:59:01.317000",
            "db": "NVD",
            "id": "CVE-2016-5639"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-08-02T00:00:00",
            "db": "CERT/CC",
            "id": "VU#603047"
          },
          {
            "date": "2016-08-08T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-06112"
          },
          {
            "date": "2017-09-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94458"
          },
          {
            "date": "2016-08-01T00:00:00",
            "db": "BID",
            "id": "92216"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-004125"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201608-001"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2016-5639"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-001"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Crestron AirMedia AM-100 contains multiple vulnerabilities",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#603047"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-001"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201608-0067

    Vulnerability from variot - Updated: 2025-04-13 23:22

    Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the ATE_COMMAND parameter. The Crestron AirMedia AM-100 with firmware prior to version 1.4.0.13 is vulnerable to path traversal and command injection. Supplementary information: the vulnerability type has been identified as CWE-77, Improper Neutralization of Special Elements used in a Command (command injection); see http://cwe.mitre.org/data/definitions/77.html. (The translated sentence that follows in the feed is cut off: "By a third party ..".) Crestron AirMedia AM-100 is prone to a directory-traversal vulnerability and a command-injection vulnerability because it fails to sufficiently sanitize user-supplied input. Crestron AirMedia AM-100 running firmware versions 1.1.1.11 through 1.2.1 are vulnerable. The aggregated sources state the affected range differently (before 1.4.0.13 versus 1.1.1.11 through 1.2.1); for patch planning, the broader range, every release before 1.4.0.13, is the safer reading. Crestron AirMedia AM-100 is a smart home gateway product produced by Crestron Electronics in the United States.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201608-0067",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "airmedia am-100",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "crestron",
            "version": "1.2.1"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "crestron",
            "version": null
          },
          {
            "model": "airmedia am-100",
            "scope": null,
            "trust": 0.8,
            "vendor": "crestron",
            "version": null
          },
          {
            "model": "airmedia am-100",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "crestron",
            "version": "1.4.0.13"
          },
          {
            "model": "airmedia am-100",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "crestron",
            "version": "1.2.1"
          },
          {
            "model": "electronics airmedia am-100",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "crestron",
            "version": "1.2.1"
          },
          {
            "model": "electronics airmedia am-100",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "crestron",
            "version": "1.2"
          },
          {
            "model": "electronics airmedia am-100",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "crestron",
            "version": "1.1.1.11"
          },
          {
            "model": "electronics airmedia am-100",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "crestron",
            "version": "1.4.0.13"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#603047"
          },
          {
            "db": "BID",
            "id": "92216"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004126"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-002"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5640"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:crestron:airmedia_am-100",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:crestron:airmedia_am-100_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004126"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Zach Lanier of Cylance, Inc.",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-002"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2016-5640",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-5640",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-94459",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-5640",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-5640",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-5640",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201608-002",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-94459",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2016-5640",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94459"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5640"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004126"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-002"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5640"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the ATE_COMMAND parameter. The Crestron AirMedia AM-100 with firmware prior to version 1.4.0.13 is vulnerable to path traversal and command injection. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. http://cwe.mitre.org/data/definitions/77.htmlBy a third party .. Crestron AirMedia AM-100 is prone to a directory-traversal vulnerability and a command-injection vulnerability because it fails to sufficiently sanitize user-supplied input. \nCrestron AirMedia AM-100 running firmware versions 1.1.1.11 through 1.2.1 are vulnerable. Crestron AirMedia AM-100 is a smart home gateway product produced by Crestron Electronics in the United States",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-5640"
          },
          {
            "db": "CERT/CC",
            "id": "VU#603047"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004126"
          },
          {
            "db": "BID",
            "id": "92216"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94459"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5640"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#603047",
            "trust": 3.7
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5640",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "92216",
            "trust": 1.5
          },
          {
            "db": "JVN",
            "id": "JVNVU97169528",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004126",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-002",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-94459",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5640",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#603047"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94459"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5640"
          },
          {
            "db": "BID",
            "id": "92216"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004126"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-002"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5640"
          }
        ]
      },
      "id": "VAR-201608-0067",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94459"
          }
        ],
        "trust": 0.725
      },
      "last_update_date": "2025-04-13T23:22:20.664000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AirMedia Presentation Gateway AM-100",
            "trust": 0.8,
            "url": "http://www.crestron.com/products/model/AM-100"
          },
          {
            "title": "Crestron AirMedia AM-100 Fixes for directory traversal vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63403"
          },
          {
            "title": "python3-Crest-Crack",
            "trust": 0.1,
            "url": "https://github.com/XxLilBoPeepsxX/python3-Crest-Crack "
          },
          {
            "title": "CVE-2016-5640",
            "trust": 0.1,
            "url": "https://github.com/xfox64x/CVE-2016-5640 "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2016-5640"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004126"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-002"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-77",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94459"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004126"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5640"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://github.com/cylancevulnresearch/disclosures/blob/master/clva-2016-05-002.md"
          },
          {
            "trust": 3.0,
            "url": "http://www.kb.cert.org/vuls/id/603047"
          },
          {
            "trust": 1.2,
            "url": "http://www.securityfocus.com/bid/92216"
          },
          {
            "trust": 1.1,
            "url": "http://www.crestron.com/products/model/am-100"
          },
          {
            "trust": 0.9,
            "url": "http://cwe.mitre.org/data/definitions/77.html"
          },
          {
            "trust": 0.8,
            "url": "https://github.com/cylancevulnresearch/disclosures/blob/master/clva-2016-05-001.md"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/22.html"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5640"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu97169528/"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5640"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/xxlilbopeepsxx/python3-crest-crack"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/xfox64x/cve-2016-5640"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#603047"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94459"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5640"
          },
          {
            "db": "BID",
            "id": "92216"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004126"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-002"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5640"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#603047"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94459"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5640"
          },
          {
            "db": "BID",
            "id": "92216"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004126"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-002"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5640"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-08-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#603047"
          },
          {
            "date": "2016-08-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94459"
          },
          {
            "date": "2016-08-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-5640"
          },
          {
            "date": "2016-08-01T00:00:00",
            "db": "BID",
            "id": "92216"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-004126"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201608-002"
          },
          {
            "date": "2016-08-03T01:59:02.520000",
            "db": "NVD",
            "id": "CVE-2016-5640"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-08-02T00:00:00",
            "db": "CERT/CC",
            "id": "VU#603047"
          },
          {
            "date": "2016-08-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94459"
          },
          {
            "date": "2016-08-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-5640"
          },
          {
            "date": "2016-08-01T00:00:00",
            "db": "BID",
            "id": "92216"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-004126"
          },
          {
            "date": "2016-08-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201608-002"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2016-5640"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-002"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Crestron AirMedia AM-100 contains multiple vulnerabilities",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#603047"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-002"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201608-0081

    Vulnerability from variot - Updated: 2025-04-13 23:21

    Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call. Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and earlier, has a web management interface which contains multiple vulnerabilities, including authentication bypass, failure to restrict access to authorized users, use of hard-coded certificate, default credentials, and cross-site request forgery (CSRF). These vulnerabilities may be leveraged to gain complete control of affected devices. Supplementary information: the vulnerability type has been identified as CWE-306, Missing Authentication for Critical Function. Crestron Electronics DM-TXRX-100-STR is prone to the following security vulnerabilities: (1) multiple authentication-bypass vulnerabilities; (2) multiple security-bypass vulnerabilities; (3) a cross-site request-forgery vulnerability. An attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions, bypass the authentication mechanism and compromise the application; this may aid in further attacks. Crestron Electronics DM-TXRX-100-STR version 1.2866.00026 and prior versions are vulnerable. Crestron Electronics DM-TXRX-100-STR is a stream encoder/decoder product from Crestron Electronics, USA.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201608-0081",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dm-txrx-100-str",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "crestron",
            "version": "1.2866.00026"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "crestron",
            "version": null
          },
          {
            "model": "dm-txrx-100-str",
            "scope": null,
            "trust": 0.8,
            "vendor": "crestron",
            "version": null
          },
          {
            "model": "dm-txrx-100-str",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "crestron",
            "version": "1.3039.00040"
          },
          {
            "model": "electronics dm-txrx-100-str",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "crestron",
            "version": "1.2866.00026"
          },
          {
            "model": "electronics dm-txrx-100-str",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "crestron",
            "version": "1.3039.00040"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004129"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-005"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5668"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:crestron:dm-txrx-100-str",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:crestron:dm-txrx-100-str_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004129"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Carsten Eiram of Risk Based Security",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-005"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2016-5668",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-5668",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-94487",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-5668",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-5668",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-5668",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201608-005",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-94487",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94487"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004129"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-005"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5668"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call. Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and earlier, has a web management interface which contains multiple vulnerabilities, including authentication bypass, failure to restrict access to authorized users, use of hard-coded certificate, default credentials, and cross-site request forgery (CSRF). These vulnerabilities may be leveraged to gain complete control of affected devices. Supplementary information : CWE Vulnerability type by CWE-306: Missing Authentication for Critical Function ( Lack of authentication for critical functions ) Has been identified. Crestron Electronics DM-TXRX-100-STR is prone to the following multiple security vulnerabilities:\n1. Multiple authentication-bypass vulnerabilities\n2. Multiple security-bypass vulnerabilities\n3. A cross-site request-forgery vulnerability\nAn attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions , bypass the authentication mechanism and compromise the application; This may aid in further attacks. \nCrestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and prior versions are vulnerable. Crestron Electronics DM-TXRX-100-STR is a stream encoder/decoder product from Crestron Electronics, USA",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-5668"
          },
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004129"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94487"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#974424",
            "trust": 3.6
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5668",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "92211",
            "trust": 1.4
          },
          {
            "db": "JVN",
            "id": "JVNVU93291811",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004129",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-005",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-94487",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94487"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004129"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-005"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5668"
          }
        ]
      },
      "id": "VAR-201608-0081",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94487"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-13T23:21:06.997000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "DM-TXRX-100-STR",
            "trust": 0.8,
            "url": "https://www.crestron.com/downloads/pdf/spec_sheets/commercial_and_residential/dm-txrx-100-str.pdf"
          },
          {
            "title": "Resource Library",
            "trust": 0.8,
            "url": "http://www.crestron.com/resources/resource-library/firmware"
          },
          {
            "title": "Crestron Electronics DM-TXRX-100-STR Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63406"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004129"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-005"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004129"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5668"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "http://www.kb.cert.org/vuls/id/974424"
          },
          {
            "trust": 1.1,
            "url": "https://www.crestron.com/downloads/pdf/spec_sheets/commercial_and_residential/dm-txrx-100-str.pdf"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/92211"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/603.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/425.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/306.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/321.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/255.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/352.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.crestron.com/resources/resource-library/firmware"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5668"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu93291811/"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5668"
          },
          {
            "trust": 0.8,
            "url": "http://www.kb.cert.org/vuls/id/bluu-a9cmty"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94487"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004129"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-005"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5668"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94487"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004129"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-005"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5668"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-08-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "date": "2016-08-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94487"
          },
          {
            "date": "2016-08-01T00:00:00",
            "db": "BID",
            "id": "92211"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-004129"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201608-005"
          },
          {
            "date": "2016-08-03T01:59:06.477000",
            "db": "NVD",
            "id": "CVE-2016-5668"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-08-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "date": "2016-08-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94487"
          },
          {
            "date": "2016-08-01T00:00:00",
            "db": "BID",
            "id": "92211"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-004129"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201608-005"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2016-5668"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-005"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Crestron Electronics DM-TXRX-100-STR web interface contains multiple vulnerabilities",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-005"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201608-0083

    Vulnerability from variot - Updated: 2025-04-13 23:21

    Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface. Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and earlier, has a web management interface which contains multiple vulnerabilities, including authentication bypass, failure to restrict access to authorized users, use of a hard-coded certificate, default credentials, and cross-site request forgery (CSRF). These vulnerabilities may be leveraged to gain complete control of affected devices. Crestron Electronics DM-TXRX-100-STR is prone to the following security vulnerabilities: 1. Multiple authentication-bypass vulnerabilities; 2. Multiple security-bypass vulnerabilities; 3. A cross-site request-forgery vulnerability. An attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions, bypass the authentication mechanism and compromise the application; this may aid in further attacks. Crestron Electronics DM-TXRX-100-STR version 1.2866.00026 and prior versions are vulnerable. Crestron Electronics DM-TXRX-100-STR is a stream encoder/decoder product from Crestron Electronics, USA. A remote attacker can exploit this vulnerability to gain privileges through the web management interface.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201608-0083",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dm-txrx-100-str",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "crestron",
            "version": "1.2866.00026"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "crestron",
            "version": null
          },
          {
            "model": "dm-txrx-100-str",
            "scope": null,
            "trust": 0.8,
            "vendor": "crestron",
            "version": null
          },
          {
            "model": "dm-txrx-100-str",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "crestron",
            "version": "1.3039.00040"
          },
          {
            "model": "electronics dm-txrx-100-str",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "crestron",
            "version": "1.2866.00026"
          },
          {
            "model": "electronics dm-txrx-100-str",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "crestron",
            "version": "1.3039.00040"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004131"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-007"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5670"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:crestron:dm-txrx-100-str",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:crestron:dm-txrx-100-str_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004131"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Carsten Eiram of Risk Based Security",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-007"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2016-5670",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-5670",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-94489",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-5670",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-5670",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-5670",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201608-007",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-94489",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94489"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004131"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-007"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5670"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface. Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and earlier, has a web management interface which contains multiple vulnerabilities, including authentication bypass, failure to restrict access to authorized users, use of hard-coded certificate, default credentials, and cross-site request forgery (CSRF). These vulnerabilities may be leveraged to gain complete control of affected devices. Crestron Electronics DM-TXRX-100-STR is prone to the following multiple security vulnerabilities:\n1. Multiple authentication-bypass vulnerabilities\n2. Multiple security-bypass vulnerabilities\n3. A cross-site request-forgery vulnerability\nAn attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions , bypass the authentication mechanism and compromise the application; This may aid in further attacks. \nCrestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and prior versions are vulnerable. Crestron Electronics DM-TXRX-100-STR is a stream encoder/decoder product from Crestron Electronics, USA. A remote attacker can exploit this vulnerability to gain privileges through the web management interface",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-5670"
          },
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004131"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94489"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#974424",
            "trust": 3.6
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5670",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "92211",
            "trust": 1.4
          },
          {
            "db": "JVN",
            "id": "JVNVU93291811",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004131",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-007",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-94489",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94489"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004131"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-007"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5670"
          }
        ]
      },
      "id": "VAR-201608-0083",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94489"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-13T23:21:06.962000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Resource Library",
            "trust": 0.8,
            "url": "http://www.crestron.com/resources/resource-library/firmware"
          },
          {
            "title": "DM-TXRX-100-STR",
            "trust": 0.8,
            "url": "https://www.crestron.com/downloads/pdf/spec_sheets/commercial_and_residential/dm-txrx-100-str.pdf"
          },
          {
            "title": "Crestron Electronics DM-TXRX-100-STR Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63408"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004131"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-007"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94489"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004131"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5670"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "http://www.kb.cert.org/vuls/id/974424"
          },
          {
            "trust": 1.1,
            "url": "https://www.crestron.com/downloads/pdf/spec_sheets/commercial_and_residential/dm-txrx-100-str.pdf"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/92211"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/603.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/425.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/306.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/321.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/255.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/352.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.crestron.com/resources/resource-library/firmware"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5670"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu93291811/"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5670"
          },
          {
            "trust": 0.8,
            "url": "http://www.kb.cert.org/vuls/id/bluu-a9cmty"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94489"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004131"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-007"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5670"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94489"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004131"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-007"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5670"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-08-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "date": "2016-08-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94489"
          },
          {
            "date": "2016-08-01T00:00:00",
            "db": "BID",
            "id": "92211"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-004131"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201608-007"
          },
          {
            "date": "2016-08-03T01:59:09.053000",
            "db": "NVD",
            "id": "CVE-2016-5670"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-08-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "date": "2016-08-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94489"
          },
          {
            "date": "2016-08-01T00:00:00",
            "db": "BID",
            "id": "92211"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-004131"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201608-007"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2016-5670"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-007"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Crestron Electronics DM-TXRX-100-STR web interface contains multiple vulnerabilities",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-007"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201608-0082

    Vulnerability from variot - Updated: 2025-04-13 23:21

    Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging the certificate's trust relationship. Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and earlier, has a web management interface which contains multiple vulnerabilities, including authentication bypass, failure to restrict access to authorized users, use of a hard-coded certificate, default credentials, and cross-site request forgery (CSRF). These vulnerabilities may be leveraged to gain complete control of affected devices. Supplementary information: the vulnerability type has been identified as CWE-321: Use of Hard-coded Cryptographic Key. Crestron Electronics DM-TXRX-100-STR is prone to the following multiple security vulnerabilities: 1. Multiple authentication-bypass vulnerabilities; 2. Multiple security-bypass vulnerabilities; 3. A cross-site request-forgery vulnerability. An attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions, bypass the authentication mechanism and compromise the application; this may aid in further attacks. Crestron Electronics DM-TXRX-100-STR version 1.2866.00026 and prior versions are vulnerable. Crestron Electronics DM-TXRX-100-STR is a stream encoder/decoder product from Crestron Electronics, USA.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201608-0082",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dm-txrx-100-str",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "crestron",
            "version": "1.2866.00026"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "crestron",
            "version": null
          },
          {
            "model": "dm-txrx-100-str",
            "scope": null,
            "trust": 0.8,
            "vendor": "crestron",
            "version": null
          },
          {
            "model": "dm-txrx-100-str",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "crestron",
            "version": "1.3039.00040"
          },
          {
            "model": "electronics dm-txrx-100-str",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "crestron",
            "version": "1.2866.00026"
          },
          {
            "model": "electronics dm-txrx-100-str",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "crestron",
            "version": "1.3039.00040"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004130"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-006"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5669"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:crestron:dm-txrx-100-str",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:crestron:dm-txrx-100-str_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004130"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Carsten Eiram of Risk Based Security",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-006"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2016-5669",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-5669",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-94488",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-5669",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-5669",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-5669",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201608-006",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-94488",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94488"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004130"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-006"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5669"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging the certificate\u0027s trust relationship. Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and earlier, has a web management interface which contains multiple vulnerabilities, including authentication bypass, failure to restrict access to authorized users, use of hard-coded certificate, default credentials, and cross-site request forgery (CSRF). These vulnerabilities may be leveraged to gain complete control of affected devices. Supplementary information : CWE Vulnerability type by CWE-321: Use of Hard-coded Cryptographic Key ( Using hard-coded encryption keys ) Has been identified. Crestron Electronics DM-TXRX-100-STR is prone to the following multiple security vulnerabilities:\n1. Multiple authentication-bypass vulnerabilities\n2. Multiple security-bypass vulnerabilities\n3. A cross-site request-forgery vulnerability\nAn attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions , bypass the authentication mechanism and compromise the application; This may aid in further attacks. \nCrestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and prior versions are vulnerable. Crestron Electronics DM-TXRX-100-STR is a stream encoder/decoder product from Crestron Electronics, USA",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-5669"
          },
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004130"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94488"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#974424",
            "trust": 3.6
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5669",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "92211",
            "trust": 1.4
          },
          {
            "db": "JVN",
            "id": "JVNVU93291811",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004130",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-006",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-94488",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94488"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004130"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-006"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5669"
          }
        ]
      },
      "id": "VAR-201608-0082",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94488"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-13T23:21:06.929000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "DM-TXRX-100-STR",
            "trust": 0.8,
            "url": "https://www.crestron.com/downloads/pdf/spec_sheets/commercial_and_residential/dm-txrx-100-str.pdf"
          },
          {
            "title": "Resource Library",
            "trust": 0.8,
            "url": "http://www.crestron.com/resources/resource-library/firmware"
          },
          {
            "title": "Crestron Electronics DM-TXRX-100-STR Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63407"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004130"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-006"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004130"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5669"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "http://www.kb.cert.org/vuls/id/974424"
          },
          {
            "trust": 1.1,
            "url": "https://www.crestron.com/downloads/pdf/spec_sheets/commercial_and_residential/dm-txrx-100-str.pdf"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/92211"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/603.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/425.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/306.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/321.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/255.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/352.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.crestron.com/resources/resource-library/firmware"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5669"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu93291811/"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5669"
          },
          {
            "trust": 0.8,
            "url": "http://www.kb.cert.org/vuls/id/bluu-a9cmty"
          },
          {
            "trust": 0.8,
            "url": "https://www.censys.io/certificates/51ab293c9fe391eeeb1a2739de15cd8029e3033142962c6c386f2da78d03a945"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94488"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004130"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-006"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5669"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94488"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004130"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-006"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5669"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-08-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "date": "2016-08-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94488"
          },
          {
            "date": "2016-08-01T00:00:00",
            "db": "BID",
            "id": "92211"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-004130"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201608-006"
          },
          {
            "date": "2016-08-03T01:59:07.693000",
            "db": "NVD",
            "id": "CVE-2016-5669"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-08-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "date": "2016-08-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94488"
          },
          {
            "date": "2016-08-01T00:00:00",
            "db": "BID",
            "id": "92211"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-004130"
          },
          {
            "date": "2016-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201608-006"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2016-5669"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-006"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Crestron Electronics DM-TXRX-100-STR web interface contains multiple vulnerabilities",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-006"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201608-0080

    Vulnerability from variot - Updated: 2025-04-13 23:21

    Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html. Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and earlier, has a web management interface which contains multiple vulnerabilities, including authentication bypass, failure to restrict access to authorized users, use of a hard-coded certificate, default credentials, and cross-site request forgery (CSRF). These vulnerabilities may be leveraged to gain complete control of affected devices. The Crestron Electronics DM-TXRX-100-STR device firmware contains an authentication bypass vulnerability. Supplementary information: the vulnerability type has been identified as CWE-425: Direct Request ('Forced Browsing'). Crestron Electronics DM-TXRX-100-STR is prone to the following security vulnerabilities: 1. Multiple authentication-bypass vulnerabilities; 2. Multiple security-bypass vulnerabilities; 3. A cross-site request-forgery vulnerability. An attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions, bypass the authentication mechanism and compromise the application; this may aid in further attacks. Crestron Electronics DM-TXRX-100-STR version 1.2866.00026 and prior versions are vulnerable. Crestron Electronics DM-TXRX-100-STR is a stream encoder/decoder product from Crestron Electronics, USA.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201608-0080",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dm-txrx-100-str",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "crestron",
            "version": "1.2866.00026"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "crestron",
            "version": null
          },
          {
            "model": "dm-txrx-100-str",
            "scope": null,
            "trust": 0.8,
            "vendor": "crestron",
            "version": null
          },
          {
            "model": "dm-txrx-100-str",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "crestron",
            "version": "1.3039.00040"
          },
          {
            "model": "electronics dm-txrx-100-str",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "crestron",
            "version": "1.2866.00026"
          },
          {
            "model": "electronics dm-txrx-100-str",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "crestron",
            "version": "1.3039.00040"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004128"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-004"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5667"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:crestron:dm-txrx-100-str",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:crestron:dm-txrx-100-str_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004128"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Carsten Eiram of Risk Based Security",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-004"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2016-5667",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-5667",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-94486",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-5667",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-5667",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-5667",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201608-004",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-94486",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2016-5667",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94486"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5667"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004128"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-004"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5667"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html. Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and earlier, has a web management interface which contains multiple vulnerabilities, including authentication bypass, failure to restrict access to authorized users, use of hard-coded certificate, default credentials, and cross-site request forgery (CSRF). These vulnerabilities may be leveraged to gain complete control of affected devices. Crestron Electronics DM-TXRX-100-STR The device firmware contains a vulnerability that prevents authentication. Supplementary information : CWE Vulnerability type by CWE-425: Direct Request ( Force viewing ) Has been identified. Crestron Electronics DM-TXRX-100-STR is prone to the following multiple security vulnerabilities:\n1. Multiple authentication-bypass vulnerabilities\n2. Multiple security-bypass vulnerabilities\n3. A cross-site request-forgery vulnerability\nAn attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions , bypass the authentication mechanism and compromise the application; This may aid in further attacks. \nCrestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and prior versions are vulnerable. Crestron Electronics DM-TXRX-100-STR is a stream encoder/decoder product from Crestron Electronics, USA",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-5667"
          },
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004128"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94486"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5667"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#974424",
            "trust": 3.7
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5667",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "92211",
            "trust": 1.5
          },
          {
            "db": "JVN",
            "id": "JVNVU93291811",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004128",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-004",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-94486",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5667",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94486"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5667"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004128"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-004"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5667"
          }
        ]
      },
      "id": "VAR-201608-0080",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94486"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-13T23:21:06.892000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "DM-TXRX-100-STR",
            "trust": 0.8,
            "url": "https://www.crestron.com/downloads/pdf/spec_sheets/commercial_and_residential/dm-txrx-100-str.pdf"
          },
          {
            "title": "Resource Library",
            "trust": 0.8,
            "url": "http://www.crestron.com/resources/resource-library/firmware"
          },
          {
            "title": "Crestron Electronics DM-TXRX-100-STR Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63405"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004128"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-004"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004128"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5667"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "http://www.kb.cert.org/vuls/id/974424"
          },
          {
            "trust": 1.3,
            "url": "http://www.securityfocus.com/bid/92211"
          },
          {
            "trust": 1.1,
            "url": "https://www.crestron.com/downloads/pdf/spec_sheets/commercial_and_residential/dm-txrx-100-str.pdf"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/603.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/425.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/306.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/321.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/255.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/352.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.crestron.com/resources/resource-library/firmware"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5667"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu93291811/"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5667"
          },
          {
            "trust": 0.8,
            "url": "http://www.kb.cert.org/vuls/id/bluu-a9cmty"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94486"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5667"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004128"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-004"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5667"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94486"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5667"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004128"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-004"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5667"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-08-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "date": "2016-08-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94486"
          },
          {
            "date": "2016-08-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-5667"
          },
          {
            "date": "2016-08-01T00:00:00",
            "db": "BID",
            "id": "92211"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-004128"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201608-004"
          },
          {
            "date": "2016-08-03T01:59:05.147000",
            "db": "NVD",
            "id": "CVE-2016-5667"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-08-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "date": "2016-08-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94486"
          },
          {
            "date": "2016-08-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-5667"
          },
          {
            "date": "2016-08-01T00:00:00",
            "db": "BID",
            "id": "92211"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-004128"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201608-004"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2016-5667"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-004"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Crestron Electronics DM-TXRX-100-STR web interface contains multiple vulnerabilities",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-004"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201608-0079

    Vulnerability from variot - Updated: 2025-04-13 23:21

    Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objresp.authenabled to 1. Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and earlier, has a web management interface which contains multiple vulnerabilities, including authentication bypass, failure to restrict access to authorized users, use of a hard-coded certificate, default credentials, and cross-site request forgery (CSRF). These vulnerabilities may be leveraged to gain complete control of affected devices. Supplementary information: the vulnerability type has been identified as CWE-603: Use of Client-Side Authentication (http://cwe.mitre.org/data/definitions/603.html); that is, the authentication decision depends on a value the client controls rather than on a check enforced by the device. A third party may obtain access rights if the value of objresp.authenabled is set to 1. Crestron Electronics DM-TXRX-100-STR is prone to the following multiple security vulnerabilities: 1. Multiple authentication-bypass vulnerabilities 2. Multiple security-bypass vulnerabilities 3. A cross-site request-forgery vulnerability. An attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions, bypass the authentication mechanism and compromise the application; this may aid in further attacks. Crestron Electronics DM-TXRX-100-STR version 1.2866.00026 and prior versions are vulnerable. Crestron Electronics DM-TXRX-100-STR is a stream encoder/decoder product from Crestron Electronics, USA.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201608-0079",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dm-txrx-100-str",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "crestron",
            "version": "1.2866.00026"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "crestron",
            "version": null
          },
          {
            "model": "dm-txrx-100-str",
            "scope": null,
            "trust": 0.8,
            "vendor": "crestron",
            "version": null
          },
          {
            "model": "dm-txrx-100-str",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "crestron",
            "version": "1.3039.00040"
          },
          {
            "model": "electronics dm-txrx-100-str",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "crestron",
            "version": "1.2866.00026"
          },
          {
            "model": "electronics dm-txrx-100-str",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "crestron",
            "version": "1.3039.00040"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004127"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-003"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5666"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:crestron:dm-txrx-100-str",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:crestron:dm-txrx-100-str_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004127"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Carsten Eiram of Risk Based Security",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-003"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2016-5666",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-5666",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-94485",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-5666",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-5666",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-5666",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201608-003",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-94485",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94485"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004127"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-003"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5666"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objresp.authenabled to 1. Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and earlier, has a web management interface which contains multiple vulnerabilities, including authentication bypass, failure to restrict access to authorized users, use of hard-coded certificate, default credentials, and cross-site request forgery (CSRF). These vulnerabilities may be leveraged to gain complete control of affected devices. Supplementary information : CWE Vulnerability type by CWE-603: Use of Client-Side Authentication ( Using client-side authentication ) Has been identified. http://cwe.mitre.org/data/definitions/603.htmlBy a third party objresp.authenabled The value 1 If set to, access rights may be obtained. Crestron Electronics DM-TXRX-100-STR is prone to the following multiple security vulnerabilities:\n1. Multiple authentication-bypass vulnerabilities\n2. Multiple security-bypass vulnerabilities\n3. A cross-site request-forgery vulnerability\nAn attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions , bypass the authentication mechanism and compromise the application; This may aid in further attacks. \nCrestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and prior versions are vulnerable. Crestron Electronics DM-TXRX-100-STR is a stream encoder/decoder product from Crestron Electronics, USA",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-5666"
          },
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004127"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94485"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#974424",
            "trust": 3.6
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5666",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "92211",
            "trust": 1.4
          },
          {
            "db": "JVN",
            "id": "JVNVU93291811",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004127",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-003",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-94485",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94485"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004127"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-003"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5666"
          }
        ]
      },
      "id": "VAR-201608-0079",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94485"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-13T23:21:06.859000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "DM-TXRX-100-STR",
            "trust": 0.8,
            "url": "https://www.crestron.com/downloads/pdf/spec_sheets/commercial_and_residential/dm-txrx-100-str.pdf"
          },
          {
            "title": "Resource Library",
            "trust": 0.8,
            "url": "http://www.crestron.com/resources/resource-library/firmware"
          },
          {
            "title": "Crestron Electronics DM-TXRX-100-STR Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63404"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004127"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-003"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004127"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5666"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "http://www.kb.cert.org/vuls/id/974424"
          },
          {
            "trust": 1.1,
            "url": "https://www.crestron.com/downloads/pdf/spec_sheets/commercial_and_residential/dm-txrx-100-str.pdf"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/92211"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/603.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/425.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/306.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/321.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/255.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/352.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.crestron.com/resources/resource-library/firmware"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5666"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu93291811/"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5666"
          },
          {
            "trust": 0.8,
            "url": "http://www.kb.cert.org/vuls/id/bluu-a9cmty"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94485"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004127"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-003"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5666"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94485"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004127"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-003"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5666"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-08-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "date": "2016-08-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94485"
          },
          {
            "date": "2016-08-01T00:00:00",
            "db": "BID",
            "id": "92211"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-004127"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201608-003"
          },
          {
            "date": "2016-08-03T01:59:03.740000",
            "db": "NVD",
            "id": "CVE-2016-5666"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-08-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "date": "2016-08-15T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94485"
          },
          {
            "date": "2016-08-01T00:00:00",
            "db": "BID",
            "id": "92211"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-004127"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201608-003"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2016-5666"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-003"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Crestron Electronics DM-TXRX-100-STR web interface contains multiple vulnerabilities",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-003"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201608-0084

    Vulnerability from variot - Updated: 2025-04-13 23:21

    Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of arbitrary users. These vulnerabilities may be leveraged to gain complete control of affected devices. Crestron Electronics DM-TXRX-100-STR is prone to the following multiple security vulnerabilities: 1. Multiple authentication-bypass vulnerabilities 2. Multiple security-bypass vulnerabilities 3. A cross-site request-forgery vulnerability. An attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions, bypass the authentication mechanism and compromise the application; this may aid in further attacks. Crestron Electronics DM-TXRX-100-STR version 1.2866.00026 and prior versions are vulnerable. Crestron Electronics DM-TXRX-100-STR is a stream encoder/decoder product from Crestron Electronics, USA. A remote attacker could exploit this vulnerability to perform unauthorized operations. Note: the merged source descriptions state the affected range differently (firmware through 1.3039.00040 in the first sentence, version 1.2866.00026 and prior later on), so firmware 1.3039.00040 should not be assumed to address the CSRF issues without checking the vendor's release information.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201608-0084",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dm-txrx-100-str",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "crestron",
            "version": "1.2866.00026"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "crestron",
            "version": null
          },
          {
            "model": "dm-txrx-100-str",
            "scope": null,
            "trust": 0.8,
            "vendor": "crestron",
            "version": null
          },
          {
            "model": "dm-txrx-100-str",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "crestron",
            "version": "1.3039.00040"
          },
          {
            "model": "dm-txrx-100-str",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "crestron",
            "version": "1.2866.00026"
          },
          {
            "model": "electronics dm-txrx-100-str",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "crestron",
            "version": "1.2866.00026"
          },
          {
            "model": "electronics dm-txrx-100-str",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "crestron",
            "version": "1.3039.00040"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004135"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-008"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5671"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:crestron:dm-txrx-100-str",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:crestron:dm-txrx-100-str_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004135"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Carsten Eiram of Risk Based Security",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-008"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2016-5671",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2016-5671",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-94490",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2016-5671",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-5671",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-5671",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201608-008",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-94490",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004135"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-008"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5671"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of arbitrary users. These vulnerabilities may be leveraged to gain complete control of affected devices. Crestron Electronics DM-TXRX-100-STR is prone to the following security vulnerabilities:\n1. Multiple authentication-bypass vulnerabilities\n2. Multiple security-bypass vulnerabilities\n3. A cross-site request-forgery vulnerability\nAn attacker can exploit these issues to bypass certain security restrictions, perform certain unauthorized actions, bypass the authentication mechanism and compromise the application. This may aid in further attacks.\nCrestron Electronics DM-TXRX-100-STR version 1.2866.00026 and prior versions are vulnerable. Crestron Electronics DM-TXRX-100-STR is a stream encoder/decoder product from Crestron Electronics, USA. A remote attacker could exploit this vulnerability to perform unauthorized operations.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-5671"
          },
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004135"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94490"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#974424",
            "trust": 3.6
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5671",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "92211",
            "trust": 1.4
          },
          {
            "db": "JVN",
            "id": "JVNVU93291811",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004135",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-008",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-94490",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94490"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004135"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-008"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5671"
          }
        ]
      },
      "id": "VAR-201608-0084",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94490"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-13T23:21:06.826000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "DM-TXRX-100-STR",
            "trust": 0.8,
            "url": "https://www.crestron.com/downloads/pdf/spec_sheets/commercial_and_residential/dm-txrx-100-str.pdf"
          },
          {
            "title": "Resource Library",
            "trust": 0.8,
            "url": "http://www.crestron.com/resources/resource-library/firmware"
          },
          {
            "title": "Crestron Electronics DM-TXRX-100-STR Fixes for cross-site request forgery vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63409"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004135"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-008"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94490"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004135"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5671"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "http://www.kb.cert.org/vuls/id/974424"
          },
          {
            "trust": 1.1,
            "url": "https://www.crestron.com/downloads/pdf/spec_sheets/commercial_and_residential/dm-txrx-100-str.pdf"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/92211"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/603.html"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/425.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/306.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/321.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/255.html"
          },
          {
            "trust": 0.8,
            "url": "https://cwe.mitre.org/data/definitions/352.html"
          },
          {
            "trust": 0.8,
            "url": "https://www.crestron.com/resources/resource-library/firmware"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5671"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu93291811/"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5671"
          },
          {
            "trust": 0.8,
            "url": "http://www.kb.cert.org/vuls/id/bluu-a9cmty"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94490"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004135"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-008"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5671"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94490"
          },
          {
            "db": "BID",
            "id": "92211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-004135"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-008"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5671"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-08-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "date": "2016-08-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94490"
          },
          {
            "date": "2016-08-01T00:00:00",
            "db": "BID",
            "id": "92211"
          },
          {
            "date": "2016-08-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-004135"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201608-008"
          },
          {
            "date": "2016-08-03T01:59:10.117000",
            "db": "NVD",
            "id": "CVE-2016-5671"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-08-01T00:00:00",
            "db": "CERT/CC",
            "id": "VU#974424"
          },
          {
            "date": "2016-08-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94490"
          },
          {
            "date": "2016-08-01T00:00:00",
            "db": "BID",
            "id": "92211"
          },
          {
            "date": "2016-08-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-004135"
          },
          {
            "date": "2016-08-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201608-008"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2016-5671"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-008"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Crestron Electronics DM-TXRX-100-STR web interface contains multiple vulnerabilities",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#974424"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201608-008"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201807-0104

    Vulnerability from variot - Updated: 2024-11-23 22:45

    Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The Crestron Airmedia AM-100 and AM-101 device firmware contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Crestron AirMedia AM-100 and AM-101 are gateway products of Crestron Electronics of the United States.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201807-0104",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "airmedia am-100",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "crestron",
            "version": "1.6.0"
          },
          {
            "model": "airmedia am-101",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "crestron",
            "version": "2.7.0"
          },
          {
            "model": "electronics crestron airmedia am-100",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "crestron",
            "version": "1.6.0"
          },
          {
            "model": "electronics crestron airmedia am-101",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "crestron",
            "version": "2.7.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-13100"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007754"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16710"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:crestron:airmedia_am-100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:crestron:airmedia_am-101_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007754"
          }
        ]
      },
      "cve": "CVE-2017-16710",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2017-16710",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-13100",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.7,
                "id": "CVE-2017-16710",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-16710",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-16710",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-13100",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201807-1105",
                "trust": 0.6,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-13100"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007754"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1105"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16710"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The Crestron Airmedia AM-100 and AM-101 device firmware contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Crestron AirMedia AM-100 and AM-101 are gateway products of Crestron Electronics of the United States.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-16710"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007754"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-13100"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-16710",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007754",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-13100",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1105",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-13100"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007754"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1105"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16710"
          }
        ]
      },
      "id": "VAR-201807-0104",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-13100"
          }
        ],
        "trust": 1.4
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-13100"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:45:17.488000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "CVE-2017-16710: CROSS-SITE SCRIPTING VULNERABILITY",
            "trust": 0.8,
            "url": "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE-2017-16710"
          },
          {
            "title": "Patch for CrestronAirMediaAM-100 and AM-101 Cross-Site Scripting Vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/134213"
          },
          {
            "title": "Crestron AirMedia AM-100  and AM-101 Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82112"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-13100"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007754"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1105"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007754"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16710"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#cve-2017-16710"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16710"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16710"
          },
          {
            "trust": 0.6,
            "url": "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#cve"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-13100"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007754"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1105"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16710"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-13100"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007754"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1105"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-16710"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-07-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-13100"
          },
          {
            "date": "2018-09-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-007754"
          },
          {
            "date": "2018-07-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201807-1105"
          },
          {
            "date": "2018-07-11T16:29:00.517000",
            "db": "NVD",
            "id": "CVE-2017-16710"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-07-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-13100"
          },
          {
            "date": "2018-09-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-007754"
          },
          {
            "date": "2018-07-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201807-1105"
          },
          {
            "date": "2024-11-21T03:16:50.043000",
            "db": "NVD",
            "id": "CVE-2017-16710"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1105"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Crestron AirMedia AM-100 and AM-101 Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-13100"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1105"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-1105"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201911-1044

    Vulnerability from variot - Updated: 2024-11-23 22:37

    Crestron DMC-STRO 1.0 devices allow remote command execution as root via shell metacharacters to the ping function. The Crestron DMC-STRO device contains an OS command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Crestron Electronics DMC-STRO is a streaming media input card from Crestron Electronics for receiving streaming video signals.

    Crestron Electronics DMC-STRO has an operating system command injection vulnerability


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201911-1044",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dmc-stro",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "crestron",
            "version": "1.0"
          },
          {
            "model": "electronics dmc-stro",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "crestron",
            "version": "1.0"
          },
          {
            "model": "dmc-stro",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "creston",
            "version": null
          },
          {
            "model": "dmc-stro",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "creston",
            "version": "1.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-44258"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012575"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1436"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18184"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:crestron:dmc-stro_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012575"
          }
        ]
      },
      "cve": "CVE-2019-18184",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-18184",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-44258",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-18184",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-18184",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-18184",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-18184",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-44258",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201911-1436",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-44258"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012575"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1436"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18184"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Crestron DMC-STRO 1.0 devices allow remote command execution as root via shell metacharacters to the ping function. Crestron DMC-STRO The device includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Crestron Electronics DMC-STRO is a streaming media input card for receiving streaming video signals from Crestron Electronics. \n\nCrestron Electronics DMC-STRO has an operating system command injection vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-18184"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012575"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-44258"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-18184",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012575",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-44258",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1436",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-44258"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012575"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1436"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18184"
          }
        ]
      },
      "id": "VAR-201911-1044",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-44258"
          }
        ],
        "trust": 1.2666667
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-44258"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:37:36.197000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "DMC-STRO",
            "trust": 0.8,
            "url": "https://www.crestron.com/en-US/Products/Video/DigitalMedia-Modular-Matrix/Output-Cards-Blades/DMC-STRO"
          },
          {
            "title": "Patch for Crestron Electronics DMC-STRO Operating System Command Injection Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/193247"
          },
          {
            "title": "Crestron Electronics DMC-STRO Fixes for operating system command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104082"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-44258"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012575"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1436"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012575"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18184"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.quantumleap.it/crestron-dmc-stro-remote-root-rce/"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18184"
          },
          {
            "trust": 1.6,
            "url": "https://www.quantumleap.it/news/advisory/"
          },
          {
            "trust": 1.6,
            "url": "https://www.crestron.com/en-us/products/video/digitalmedia-modular-matrix/output-cards-blades/dmc-stro"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18184"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-44258"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012575"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1436"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18184"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-44258"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-012575"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1436"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-18184"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-12-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-44258"
          },
          {
            "date": "2019-12-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-012575"
          },
          {
            "date": "2019-11-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-1436"
          },
          {
            "date": "2019-11-27T16:15:11.410000",
            "db": "NVD",
            "id": "CVE-2019-18184"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-12-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-44258"
          },
          {
            "date": "2019-12-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-012575"
          },
          {
            "date": "2019-12-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-1436"
          },
          {
            "date": "2024-11-21T04:32:47.297000",
            "db": "NVD",
            "id": "CVE-2019-18184"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1436"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Crestron Electronics DMC-STRO Operating System Command Injection Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-44258"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1436"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-1436"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201806-1072

    Vulnerability from variot - Updated: 2024-11-23 22:00

    Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP). Multiple Crestron devices contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Crestron's Windows CE-based products. Authentication is required to exploit this vulnerability. The specific flaw exists within the engineer built-in account that enables a hidden 'LAUNCH' command. An attacker can leverage this vulnerability to escape the CTP console's sandbox environment to execute commands with elevated privileges. (The source descriptions aggregated here disagree on whether authentication is required: the first sentence says unauthenticated, while the advisory text about the engineer account says authentication is required.) Crestron TSW-1060 and others are touch screen devices from Crestron Electronics of the United States. There are security vulnerabilities in several Crestron products: 1. Multiple OS command-injection vulnerabilities. 2. An access-bypass vulnerability. 3. A security-bypass vulnerability. Attackers can exploit these issues to execute arbitrary OS commands and bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial of service conditions.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201806-1072",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "toolbox protocol",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "crestron",
            "version": "2.001.0037.001"
          },
          {
            "model": "toolbox protocol",
            "scope": null,
            "trust": 0.8,
            "vendor": "crestron",
            "version": null
          },
          {
            "model": "mc3",
            "scope": null,
            "trust": 0.7,
            "vendor": "crestron",
            "version": null
          },
          {
            "model": "tsw-1060",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "crestron",
            "version": "2.001.0037.001"
          },
          {
            "model": "tsw-760",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "crestron",
            "version": "2.001.0037.001"
          },
          {
            "model": "tsw-560",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "crestron",
            "version": "2.001.0037.001"
          },
          {
            "model": "tsw-1060-nc",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "crestron",
            "version": "2.001.0037.001"
          },
          {
            "model": "tsw-760-nc",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "crestron",
            "version": "2.001.0037.001"
          },
          {
            "model": "tsw-560-nc",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "crestron",
            "version": "2.001.0037.001"
          },
          {
            "model": "tsw-x60",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "crestron",
            "version": "0"
          },
          {
            "model": "mc3",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "crestron",
            "version": "0"
          },
          {
            "model": "tsw-x60",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "crestron",
            "version": "2.001.0037.001"
          },
          {
            "model": "mc3",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "crestron",
            "version": "1.502.0047.001"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-930"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12158"
          },
          {
            "db": "BID",
            "id": "105051"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006298"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-11229"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:crestron:crestron_toolbox_protocol_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006298"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ricky \"HeadlessZeke\" Lawshae",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-930"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2018-11229",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-11229",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.5,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.8,
                "id": "CVE-2018-11229",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-12158",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-11229",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-11229",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-11229",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-11229",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-12158",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201806-669",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-930"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12158"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006298"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-669"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-11229"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP). Multiple Crestron devices contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Crestron\u0027s Windows CE-based products. Authentication is required to exploit this vulnerability. The specific flaw exists within the engineer built-in account that enables a hidden \u0027LAUNCH\u0027 command. An attacker can leverage this vulnerability to escape the CTP console\u0027s sandbox environment to execute commands with elevated privileges. Crestron TSW-1060 and others are touch screen devices of Crestron Electronics of the United States. There are security vulnerabilities in several Crestron products. \n1. Multiple OS command-injection vulnerabilities. \n2. An access-bypass vulnerability. \n3. A security-bypass vulnerability. \nAttackers can exploit these issues to execute arbitrary OS commands and bypass certain security restrictions, perform unauthorized actions, or gain sensitive information within the context of the affected system. Failed exploit attempts will likely result in denial of service conditions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-11229"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006298"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-930"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12158"
          },
          {
            "db": "BID",
            "id": "105051"
          }
        ],
        "trust": 3.06
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-11229",
            "trust": 4.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-221-01",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "105051",
            "trust": 1.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006298",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6171",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-930",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12158",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-669",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-930"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12158"
          },
          {
            "db": "BID",
            "id": "105051"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006298"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-669"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-11229"
          }
        ]
      },
      "id": "VAR-201806-1072",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12158"
          }
        ],
        "trust": 1.35
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-12158"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:00:29.210000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "CVE-2018-11229: OS COMMAND INJECTION",
            "trust": 0.8,
            "url": "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet"
          },
          {
            "title": "Crestron has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01"
          },
          {
            "title": "Patches for multiple Crestron product code execution vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/132895"
          },
          {
            "title": "Multiple Crestron Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80849"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-930"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12158"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006298"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-669"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-77",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006298"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-11229"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-221-01"
          },
          {
            "trust": 2.2,
            "url": "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/105051"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11229"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11229"
          },
          {
            "trust": 0.3,
            "url": "https://www.crestron.com/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-930"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12158"
          },
          {
            "db": "BID",
            "id": "105051"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006298"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-669"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-11229"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-18-930"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-12158"
          },
          {
            "db": "BID",
            "id": "105051"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006298"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-669"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-11229"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-930"
          },
          {
            "date": "2018-06-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12158"
          },
          {
            "date": "2018-08-09T00:00:00",
            "db": "BID",
            "id": "105051"
          },
          {
            "date": "2018-08-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-006298"
          },
          {
            "date": "2018-06-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201806-669"
          },
          {
            "date": "2018-06-08T01:29:00.997000",
            "db": "NVD",
            "id": "CVE-2018-11229"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-930"
          },
          {
            "date": "2018-06-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-12158"
          },
          {
            "date": "2018-08-09T00:00:00",
            "db": "BID",
            "id": "105051"
          },
          {
            "date": "2018-08-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-006298"
          },
          {
            "date": "2019-05-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201806-669"
          },
          {
            "date": "2024-11-21T03:42:57.040000",
            "db": "NVD",
            "id": "CVE-2018-11229"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-669"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Command injection vulnerability in multiple Crestron devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006298"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-669"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201807-2197

    Vulnerability from variot - Updated: 2024-11-23 21:38

    The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower is vulnerable to command injection that can be used to gain root-level access. The DGE-100, DM-DGE-200-C, and TS-1542-C device firmware contains an OS command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PING command of the CTP console. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker could leverage this vulnerability to execute code with root privileges. Crestron Electronics DGE-100, DM-DGE-200-C and TS-1542-C devices are all digital graphics engine products of Crestron Electronics in the United States.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201807-2197",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dge-100",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "crestron",
            "version": "1.3384.00049.001"
          },
          {
            "model": "dm-dge-200-c",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "crestron",
            "version": "1.3384.00049.001"
          },
          {
            "model": "ts-1542-c",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "crestron",
            "version": "1.3384.00049.001"
          },
          {
            "model": "tsw-760",
            "scope": null,
            "trust": 0.7,
            "vendor": "crestron",
            "version": null
          },
          {
            "model": "dge-100",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "crestron",
            "version": "1.3384.00049.001"
          },
          {
            "model": "ts-1542-c",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "crestron",
            "version": "1.3384.00049.001"
          },
          {
            "model": "dm-dge-200-c",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "crestron",
            "version": "1.3384.00049.001"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-936"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-939"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5553"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:crestron:dge-100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:crestron:dm-dge-200-c_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:crestron:ts-1542-c_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008012"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ricky \"HeadlessZeke\" Lawshae",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-936"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2018-5553",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-5553",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-5553",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-135584",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-5553",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 2.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-5553",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "cve@rapid7.com",
                "id": "CVE-2018-5553",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-5553",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-5553",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201807-939",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-135584",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-5553",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-936"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135584"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5553"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-939"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5553"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5553"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower is vulnerable to command injection that can be used to gain root-level access. The firmware of DGE-100, DM-DGE-200-C, and TS-1542-C devices contains an OS command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron\u0027s Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PING command of the CTP console. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker could leverage this vulnerability to execute code with root privileges. Crestron Electronics DGE-100, DM-DGE-200-C and TS-1542-C devices are all digital graphics engine products of Crestron Electronics in the United States",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-5553"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008012"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-936"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135584"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5553"
          }
        ],
        "trust": 2.43
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-5553",
            "trust": 3.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008012",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6177",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-936",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-939",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-135584",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5553",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-936"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135584"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5553"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-939"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5553"
          }
        ]
      },
      "id": "VAR-201807-2197",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-135584"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T21:38:27.456000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "CVE-2018-5553: CRESTRON DGE-100 CONSOLE COMMAND INJECTION",
            "trust": 0.8,
            "url": "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE%C2%AD-2018%C2%AD-5553"
          },
          {
            "title": "Crestron has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01"
          },
          {
            "title": "DGE-100 , DM-DGE-200-C  and TS-1542-C Fixes for device command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84037"
          },
          {
            "title": "Exp101tsArchiv30thers",
            "trust": 0.1,
            "url": "https://github.com/nu11secur1ty/Exp101tsArchiv30thers "
          },
          {
            "title": "awesome-cve-poc_qazbnm456",
            "trust": 0.1,
            "url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-936"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5553"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-939"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-135584"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008012"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5553"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#cve%c2%ad-2018%c2%ad-5553"
          },
          {
            "trust": 1.8,
            "url": "https://blog.rapid7.com/2018/06/12/r7-2018-15-cve-2018-5553-crestron-dge-100-console-command-injection-fixed/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5553"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5553"
          },
          {
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-221-01"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/nu11secur1ty/exp101tsarchiv30thers"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-936"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135584"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5553"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-939"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5553"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-18-936"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135584"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5553"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-939"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5553"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-936"
          },
          {
            "date": "2018-07-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-135584"
          },
          {
            "date": "2018-07-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-5553"
          },
          {
            "date": "2018-10-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-008012"
          },
          {
            "date": "2018-07-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201807-939"
          },
          {
            "date": "2018-07-10T16:29:00.970000",
            "db": "NVD",
            "id": "CVE-2018-5553"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-08-14T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-936"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-135584"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-5553"
          },
          {
            "date": "2018-10-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-008012"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201807-939"
          },
          {
            "date": "2024-11-21T04:09:03.720000",
            "db": "NVD",
            "id": "CVE-2018-5553"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-939"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OS command injection vulnerability in the firmware of multiple Crestron devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008012"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-939"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201904-0327

    Vulnerability from variot - Updated: 2024-11-23 21:37

    Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow anyone to bypass the presentation code simply by requesting /images/browserslide.jpg via HTTP. A remote, unauthenticated attacker can use this vulnerability to watch a slideshow without knowing the access code. The firmware of Crestron AM-100 and AM-101 contains an access control vulnerability. Information may be obtained. Crestron Electronics AM-100 and Crestron Electronics AM-101 are both smart home gateway products of Crestron Electronics in the United States. An access control error vulnerability exists in the Crestron AM-100 with firmware version 1.6.0.2 and the AM-101 with firmware version 2.7.0.2. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0327",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "am-100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "crestron",
            "version": "1.6.0.2"
          },
          {
            "model": "am-101",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "crestron",
            "version": "2.7.0.2"
          },
          {
            "model": "airmedia am-100",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "crestron",
            "version": "1.6.0.2"
          },
          {
            "model": "airmedia am-101",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "crestron",
            "version": "2.7.0.2"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004030"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3933"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:crestron:airmedia_am-100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:crestron:airmedia_am-101_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004030"
          }
        ]
      },
      "cve": "CVE-2019-3933",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-3933",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-155368",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-3933",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2019-3933",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-3933",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-3933",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201904-1391",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-155368",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155368"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004030"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1391"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3933"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow anyone to bypass the presentation code simply by requesting /images/browserslide.jpg via HTTP. A remote, unauthenticated attacker can use this vulnerability to watch a slideshow without knowing the access code. The firmware of Crestron AM-100 and AM-101 contains an access control vulnerability. Information may be obtained. Crestron Electronics AM-100 and Crestron Electronics AM-101 are both smart home gateway products of Crestron Electronics in the United States. An access control error vulnerability exists in the Crestron AM-100 with firmware version 1.6.0.2 and the AM-101 with firmware version 2.7.0.2. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-3933"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004030"
          },
          {
            "db": "VULHUB",
            "id": "VHN-155368"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-3933",
            "trust": 2.5
          },
          {
            "db": "TENABLE",
            "id": "TRA-2019-20",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004030",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1391",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-155368",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155368"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004030"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1391"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3933"
          }
        ]
      },
      "id": "VAR-201904-0327",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155368"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T21:37:29.508000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AM-100",
            "trust": 0.8,
            "url": "https://www.crestron.com/en-US/Products/Workspace-Solutions/Wireless-Presentation-Solutions/AirMedia-Presentation-Gateways/AM-100"
          },
          {
            "title": "AM-101",
            "trust": 0.8,
            "url": "https://www.crestron.com/en-US/Products/Workspace-Solutions/Wireless-Presentation-Solutions/AirMedia-Presentation-Gateways/AM-101"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004030"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-284",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-425",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155368"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004030"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3933"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.tenable.com/security/research/tra-2019-20"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3933"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3933"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155368"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004030"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1391"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3933"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-155368"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004030"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1391"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3933"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-155368"
          },
          {
            "date": "2019-05-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-004030"
          },
          {
            "date": "2019-04-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-1391"
          },
          {
            "date": "2019-04-30T21:29:00.947000",
            "db": "NVD",
            "id": "CVE-2019-3933"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-155368"
          },
          {
            "date": "2019-05-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-004030"
          },
          {
            "date": "2020-10-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-1391"
          },
          {
            "date": "2024-11-21T04:42:53.633000",
            "db": "NVD",
            "id": "CVE-2019-3933"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1391"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Crestron AM-100 and  AM-101 Vulnerabilities related to access control in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004030"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access control error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1391"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201904-0332

    Vulnerability from variot - Updated: 2024-11-23 21:37

    Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use these credentials to gain privileged access to the device. Crestron AM-100 and AM-101 firmware contains a vulnerability related to the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). Crestron Electronics AM-100 and Crestron Electronics AM-101 are both smart home gateway products of Crestron Electronics in the United States. A trust management issue vulnerability exists in the Crestron Electronics AM-100 with firmware version 1.6.0.2 and the AM-101 with firmware version 2.7.0.2. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0332",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "am-100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "crestron",
            "version": "1.6.0.2"
          },
          {
            "model": "am-101",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "crestron",
            "version": "2.7.0.2"
          },
          {
            "model": "airmedia am-100",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "crestron",
            "version": "1.6.0.2"
          },
          {
            "model": "airmedia am-101",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "crestron",
            "version": "2.7.0.2"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004045"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3939"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:crestron:airmedia_am-100_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:crestron:airmedia_am-101_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004045"
          }
        ]
      },
      "cve": "CVE-2019-3939",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-3939",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-155374",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-3939",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-3939",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-3939",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-3939",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201904-1397",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-155374",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-3939",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155374"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3939"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004045"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1397"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3939"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use these credentials to gain privileged access to the device. Crestron AM-100 and AM-101 Firmware contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Crestron Electronics AM-100 and Crestron Electronics AM-101 are both smart home gateway products of Crestron Electronics in the United States. A trust management issue vulnerability exists in the Crestron Electronics AM-100 with firmware version 1.6.0.2 and the AM-101 with firmware version 2.7.0.2. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-3939"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004045"
          },
          {
            "db": "VULHUB",
            "id": "VHN-155374"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3939"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-3939",
            "trust": 2.6
          },
          {
            "db": "TENABLE",
            "id": "TRA-2019-20",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004045",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1397",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-155374",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3939",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155374"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3939"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004045"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1397"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3939"
          }
        ]
      },
      "id": "VAR-201904-0332",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155374"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T21:37:29.480000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AM-100",
            "trust": 0.8,
            "url": "https://www.crestron.com/en-US/Products/Workspace-Solutions/Wireless-Presentation-Solutions/AirMedia-Presentation-Gateways/AM-100"
          },
          {
            "title": "AM-101",
            "trust": 0.8,
            "url": "https://www.crestron.com/en-US/Products/Workspace-Solutions/Wireless-Presentation-Solutions/AirMedia-Presentation-Gateways/AM-101"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2019-3939 "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-3939"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004045"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-16",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155374"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004045"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3939"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://www.tenable.com/security/research/tra-2019-20"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3939"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3939"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/798.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2019-3939"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155374"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3939"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004045"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1397"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3939"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-155374"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3939"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004045"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1397"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3939"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-155374"
          },
          {
            "date": "2019-04-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-3939"
          },
          {
            "date": "2019-05-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-004045"
          },
          {
            "date": "2019-04-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-1397"
          },
          {
            "date": "2019-04-30T21:29:01.307000",
            "db": "NVD",
            "id": "CVE-2019-3939"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-12-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-155374"
          },
          {
            "date": "2022-12-06T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-3939"
          },
          {
            "date": "2019-05-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-004045"
          },
          {
            "date": "2019-05-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201904-1397"
          },
          {
            "date": "2024-11-21T04:42:54.413000",
            "db": "NVD",
            "id": "CVE-2019-3939"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1397"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Crestron AM-100 and  AM-101 Vulnerabilities related to the use of hard-coded credentials in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004045"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201904-1397"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2025-47415 (GCVE-0-2025-47415)

    Vulnerability from nvd – Published: 2025-09-09 19:20 – Updated: 2025-09-10 15:47
    VLAI
    Title
    RECWAVE Filepath Traversal
    Summary
    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CRESTRON TOUCHSCREENS x70 allows Relative Path Traversal. This issue affects TOUCHSCREENS x70: from 3.000.0110.001 before 3.001.0031.001. Confirmed affected hardware: TSW-760, TSW-1060; confirmed affected firmware: 3.002.1061 (no fix released, product discontinued). For x70, the affected firmware is 3.000.0110.001 and versions below; the fixed firmware is 3.001.0031.001.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    CRESTRON TOUCHSCREENS x60, x70 series Affected: 3.000.0110.001 , < 3.001.0031.001 (custom)
    Date Public
    2025-06-09 18:54
    Credits
    IBM

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-47415",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-10T15:41:57.276783Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-10T15:47:05.306Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TOUCHSCREENS x60, x70 series",
              "vendor": "CRESTRON",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "3.001.0031.001",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "3.001.0031.001",
                  "status": "affected",
                  "version": "3.000.0110.001",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "IBM"
            }
          ],
          "datePublic": "2025-06-09T18:54:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in CRESTRON TOUCHSCREENS x70 allows Relative Path Traversal.\u003cp\u003eThis issue affects TOUCHSCREENS x70: from 3.000.0110.001 before 3.001.0031.001.\u003cbr\u003e\u003cbr\u003e\n\n\u003c/p\u003e\u003cdiv\u003e\u003cp\u003e\u003c/p\u003e\u003c/div\u003e\n\n\u003cdiv\u003e\u003cp\u003eConfirmed Affected Hardware:\u202fTSW-760, TSW-1060 \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eConfirmed Affected Firmware:\u202f3.002.1061\u003c/span\u003e\u0026nbsp;- \u003ci\u003e(no fix released, product discontinued)\u003c/i\u003e\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eFor x70\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eThe Affected Firmware:- 3.000.0110.001 \u202fand versions below \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eThe Fixed Firmware:- 3.001.0031.001 \u003c/p\u003e\u003c/div\u003e\n\n\u003cdiv\u003e\u003cp\u003e \u003c/p\u003e\u003c/div\u003e\n\n\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in CRESTRON TOUCHSCREENS x70 allows Relative Path Traversal.This issue affects TOUCHSCREENS x70: from 3.000.0110.001 before 3.001.0031.001.\n\n\n\n\n\n\n\n\n\n\n\nConfirmed Affected Hardware:\u202fTSW-760, TSW-1060 \n\n\n\nConfirmed Affected Firmware:\u202f3.002.1061\u00a0- (no fix released, product discontinued)\n\n\n\n\u00a0\n\nFor x70\u202f\u00a0\n\n\n\nThe Affected Firmware:- 3.000.0110.001 \u202fand versions below \n\n\n\nThe Fixed Firmware:- 3.001.0031.001"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-139",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-139 Relative Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T19:20:35.244Z",
            "orgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
            "shortName": "Crestron"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.crestron.com"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-TS-1070-TSS-770-TSS-1070-TSW-570/3-002-0040-001"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "RECWAVE Filepath Traversal",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
        "assignerShortName": "Crestron",
        "cveId": "CVE-2025-47415",
        "datePublished": "2025-09-09T19:20:35.244Z",
        "dateReserved": "2025-05-06T19:36:18.439Z",
        "dateUpdated": "2025-09-10T15:47:05.306Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-47416 (GCVE-0-2025-47416)

    Vulnerability from nvd – Published: 2025-09-09 13:52 – Updated: 2025-09-09 14:06
    VLAI
    Title
    ConsoleFindCommandMatchList
    Summary
    A vulnerability exists in the ConsoleFindCommandMatchList function in libsymproc.so, imported by ctpd, that may lead to unauthorized execution of an attacker-defined file that gets prioritized by ConsoleFindCommandMatchList. A third-party researcher discovered that ConsoleFindCommandMatchList enumerates the /dev/shm/symproc/c directory in alphabetical order to identify console commands. Permission levels are inferred from the integer values present in each command's file name. Confirmed Affected Hardware: TSW-760, TSW-1060. Confirmed Affected Firmware: 3.002.1061. Fixed Firmware: no fix released (product is discontinued and end of life). For x70: Affected Firmware: 3.000.0110.001 and versions below. Fixed Firmware: 3.001.0031.001.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    CRESTRON TOUCHSCREEN x70 Affected: 3.000.0110.001 , < 3.001.0031.001 (custom)
    CRESTRON Touchscreen x60s Affected: 3.002.1061
    Date Public
    2025-06-09 13:21
    Credits
    IBM

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-47416",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-09T14:06:09.910159Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-09T14:06:41.093Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TOUCHSCREEN x70",
              "vendor": "CRESTRON",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "3.001.0031.001",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "3.001.0031.001",
                  "status": "affected",
                  "version": "3.000.0110.001",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touchscreen x60s",
              "vendor": "CRESTRON",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.002.1061"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "IBM"
            }
          ],
          "datePublic": "2025-06-09T13:21:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability exists in the ConsoleFindCommandMatchList\u202ffunction in libsymproc. so\u202fimported by ctpd that may lead to unauthorized execution of an attacker-defined file that gets prioritized by the ConsoleFindCommandMatchList.\u003cbr\u003e\u003cbr\u003e\n\nA third-party researcher discovered that the ConsoleFindCommandMatchList\u202fenumerates the /dev/shm/symproc/c directory in alphabetical order to identify console commands. Permission levels are inferred from the integer values present in each command\u0027s file name.\u0026nbsp;\u003cbr\u003e\u003cbr\u003e\n\n\u003cdiv\u003e\u003cp\u003eConfirmed Affected Hardware:\u202fTSW-760, TSW-1060 \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(239, 250, 102);\"\u003eConfirmed Affected Firmware:\u202f3.002.1061\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eFixed Firmware: no fixed released\u0026nbsp;\u003ci\u003e(product is discontinued and end of life)\u003c/i\u003e\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eFor x70\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eThe Affected Firmware:- 3.000.0110.001 \u202fand versions below \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eThe Fixed Firmware:- 3.001.0031.001\u003c/p\u003e\u003c/div\u003e\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability exists in the ConsoleFindCommandMatchList\u202ffunction in libsymproc. so\u202fimported by ctpd that may lead to unauthorized execution of an attacker-defined file that gets prioritized by the ConsoleFindCommandMatchList.\n\n\n\nA third-party researcher discovered that the ConsoleFindCommandMatchList\u202fenumerates the /dev/shm/symproc/c directory in alphabetical order to identify console commands. Permission levels are inferred from the integer values present in each command\u0027s file name.\u00a0\n\n\n\nConfirmed Affected Hardware:\u202fTSW-760, TSW-1060 \n\n\n\nConfirmed Affected Firmware:\u202f3.002.1061\u00a0\n\n\n\nFixed Firmware: no fixed released\u00a0(product is discontinued and end of life)\n\n\n\n\u00a0\n\n\n\nFor x70\u202f\u00a0\n\n\n\nThe Affected Firmware:- 3.000.0110.001 \u202fand versions below \n\n\n\nThe Fixed Firmware:- 3.001.0031.001"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-43",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-43 Exploiting Multiple Input Interpretation Layers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-697",
                  "description": "CWE-697 Incorrect Comparison",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T13:52:45.855Z",
            "orgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
            "shortName": "Crestron"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.crestron.com"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-TS-1070-TSS-770-TSS-1070-TSW-570/3-002-0040-001"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ConsoleFindCommandMatchList",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
        "assignerShortName": "Crestron",
        "cveId": "CVE-2025-47416",
        "datePublished": "2025-09-09T13:52:45.855Z",
        "dateReserved": "2025-05-06T19:36:18.440Z",
        "dateUpdated": "2025-09-09T14:06:41.093Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-47421 (GCVE-0-2025-47421)

    Vulnerability from nvd – Published: 2025-09-03 13:49 – Updated: 2025-09-03 13:59
    VLAI
    Title
    Privilege escalation via SCP login
    Summary
    Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection. This issue affects TOUCHSCREENS x70: from 3.001.0031.001 through 3.001.0034.001. A specially crafted SCP command sent via the SSH login string can allow a valid administrator user to gain privileged operating system access on the device. The following product models are affected: TSW-x70, TSW-x60, TST-1080, AM-3000/3100/3200, Soundbar VB70, HD-PS622/621/402, HD-TXU-RXU-4kZ-211, HD-MDNXM-4KZ-E. *Note: additional firmware updates will be published once made available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
    Assigner
    Impacted products
    Vendor Product Version
    CRESTRON TOUCHSCREENS x70 Affected: 3.001.0031.001 , < 3.001.0034.001 (custom)
    Date Public
    2025-07-25 13:24
    Credits
    Frank Slezak

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-47421",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-03T13:59:12.682369Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-03T13:59:32.186Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TOUCHSCREENS x70",
              "vendor": "CRESTRON",
              "versions": [
                {
                  "lessThan": "3.001.0034.001",
                  "status": "affected",
                  "version": "3.001.0031.001",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Frank Slezak"
            }
          ],
          "datePublic": "2025-07-25T13:24:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection.\u003cp\u003eThis issue affects TOUCHSCREENS x70: from 3.001.0031.001 through 3.001.0034.001.\u003cbr\u003e\u003cbr\u003eA specially crafted SCP command sent via SSH login string can lead a valid administrator user to gain Privileged Operating System access on the device.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eFollowing Products Models are affected:\u003cbr\u003e\u003cbr\u003eTSW-x70 \u003cbr\u003eTSW-x60 \u003cbr\u003eTST-1080\u003cbr\u003eAM-3000/3100/3200\u003cbr\u003eSoundbar VB70\u003cbr\u003eHD-PS622/621/402\u003cbr\u003eHD-TXU-RXU-4kZ-211\u003cbr\u003eHD-MDNXM-4KZ-E\u003cbr\u003e\u003cbr\u003e*Note: additional firmware updates will be published once made available\u003cbr\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection.This issue affects TOUCHSCREENS x70: from 3.001.0031.001 through 3.001.0034.001.\n\nA specially crafted SCP command sent via SSH login string can lead a valid administrator user to gain Privileged Operating System access on the device.\n\n\nFollowing Products Models are affected:\n\nTSW-x70 \nTSW-x60 \nTST-1080\nAM-3000/3100/3200\nSoundbar VB70\nHD-PS622/621/402\nHD-TXU-RXU-4kZ-211\nHD-MDNXM-4KZ-E\n\n*Note: additional firmware updates will be published once made available"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-6",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-6 Argument Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-88",
                  "description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-03T13:49:40.856Z",
            "orgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
            "shortName": "Crestron"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.crestron.com"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://https://www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-TS-1070-TSS-770-TSS-1070-TSW-570/3-002-0040-001"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://https://www.crestron.com/release_notes/tsw-xx70_3.002.0040.001_release_notes.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Privilege escalation via SCP login",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
        "assignerShortName": "Crestron",
        "cveId": "CVE-2025-47421",
        "datePublished": "2025-09-03T13:49:40.856Z",
        "dateReserved": "2025-05-06T19:36:18.441Z",
        "dateUpdated": "2025-09-03T13:59:32.186Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-47420 (GCVE-0-2025-47420)

    Vulnerability from nvd – Published: 2025-05-06 21:33 – Updated: 2025-05-07 14:03
    VLAI
    Title
    User Permissions on Network API
    Summary
    266 vulnerability in Crestron Automate VX allows Privilege Escalation. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Crestron Automate VX Affected: 5.6.8161.21536 , ≤ 6.4.0.49 (custom)
    Date Public
    2025-04-23 21:15
    Credits
    Crestron Electronics Inc

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-47420",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T13:46:20.078463Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T14:03:50.793Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Automate VX",
              "vendor": "Crestron",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "6.4.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "6.4.0.49",
                  "status": "affected",
                  "version": "5.6.8161.21536",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Crestron Electronics Inc"
            }
          ],
          "datePublic": "2025-04-23T21:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "266 vulnerability in Crestron Automate VX allows Privilege Escalation.\u003cp\u003eThis issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.\u003c/p\u003e"
                }
              ],
              "value": "266 vulnerability in Crestron Automate VX allows Privilege Escalation.This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-06T21:33:39.188Z",
            "orgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
            "shortName": "Crestron"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.crestron.com/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.crestron.com/Software-Firmware/Software/Automate-VX-Software/6-4-1-8"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.crestron.com/release_notes/automate_vx_6.4.1.8_release_notes.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Crestron recommends updating to firmware version 6.4.1.8 or higher. The firmware version will apply user permissions to API requests. \u003cbr\u003e"
                }
              ],
              "value": "Crestron recommends updating to firmware version 6.4.1.8 or higher. The firmware version will apply user permissions to API requests."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "User Permissions on Network API",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Limit all API usage to users with full permissions.\n\n\u003cbr\u003e"
                }
              ],
              "value": "Limit all API usage to users with full permissions."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
        "assignerShortName": "Crestron",
        "cveId": "CVE-2025-47420",
        "datePublished": "2025-05-06T21:33:39.188Z",
        "dateReserved": "2025-05-06T19:36:18.441Z",
        "dateUpdated": "2025-05-07T14:03:50.793Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-47419 (GCVE-0-2025-47419)

    Vulnerability from nvd – Published: 2025-05-06 20:52 – Updated: 2025-05-07 14:03
    VLAI
    Title
    Non-Secure Access
    Summary
    Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic. The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    Crestron Automate VX Affected: 5.6.8161.21536 , ≤ 6.4.0.49 (custom)
    Date Public
    2025-04-23 20:47
    Credits
    Crestron Electronics Inc

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-47419",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T13:47:55.617300Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T14:03:57.638Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Automate VX",
              "vendor": "Crestron",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "6.4.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "6.4.0.49",
                  "status": "affected",
                  "version": "5.6.8161.21536",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Crestron Electronics Inc"
            }
          ],
          "datePublic": "2025-04-23T20:47:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic.\u003cbr\u003e\u003cbr\u003eThe device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords.\n\n\u003cbr\u003e\u003cp\u003eThis issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.\u003c/p\u003e"
                }
              ],
              "value": "Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic.\n\nThe device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords.\n\n\nThis issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-158",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-158 Sniffing Network Traffic"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-06T20:52:44.604Z",
            "orgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
            "shortName": "Crestron"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.crestron.com/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.crestron.com/Software-Firmware/Software/Automate-VX-Software/6-4-1-8"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.crestron.com/release_notes/automate_vx_6.4.1.8_release_notes.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCrestron recommends updating to firmware version 6.4.1.8 or higher. The firmware version disables the use of unsecure ports for the Web UI and API.\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "Crestron recommends updating to firmware version 6.4.1.8 or higher. The firmware version disables the use of unsecure ports for the Web UI and API."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Non-Secure Access",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Protect the device at the physical or network layer using an external firewall to prevent unauthorized configuration.  \u003cbr\u003e"
                }
              ],
              "value": "Protect the device at the physical or network layer using an external firewall to prevent unauthorized configuration."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
        "assignerShortName": "Crestron",
        "cveId": "CVE-2025-47419",
        "datePublished": "2025-05-06T20:52:44.604Z",
        "dateReserved": "2025-05-06T19:36:18.441Z",
        "dateUpdated": "2025-05-07T14:03:57.638Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-47418 (GCVE-0-2025-47418)

    Vulnerability from nvd – Published: 2025-05-06 20:13 – Updated: 2025-05-07 14:04
    VLAI
    Title
    Recording
    Summary
    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. There is no visible indication when the system is recording and recording can be enabled remotely via a network API. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Crestron Automate VX Affected: 5.6.8161.21536 , ≤ 6.4.0.49 (custom)
    Date Public
    2025-04-23 20:04
    Credits
    Crestron Electronics Inc

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-47418",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T13:46:13.710646Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T14:04:11.178Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Automate VX",
              "vendor": "Crestron",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "6.4.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "6.4.0.49",
                  "status": "affected",
                  "version": "5.6.8161.21536",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Crestron Electronics Inc"
            }
          ],
          "datePublic": "2025-04-23T20:04:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse.\u003cbr\u003e\u003cbr\u003eThere is no visible indication when the system is recording and recording can be enabled remotely via a network API. \u003cbr\u003e\u003cp\u003eThis issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.\u003c/p\u003e"
                }
              ],
              "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse.\n\nThere is no visible indication when the system is recording and recording can be enabled remotely via a network API. \nThis issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-212",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-212 Functionality Misuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-06T20:20:24.812Z",
            "orgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
            "shortName": "Crestron"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.crestron.com/"
            },
            {
              "url": "https://www.crestron.com/Software-Firmware/Software/Automate-VX-Software/6-4-1-8"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.crestron.com/release_notes/automate_vx_6.4.1.8_release_notes.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCrestron recommends updating to firmware version 6.4.1.8 or higher. The firmware version\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eadds \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ea\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e visual\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eindication\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eon \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethe program \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evideo output \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ewhen recording is \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003estarted\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Crestron recommends updating to firmware version 6.4.1.8 or higher. The firmware version\u00a0adds a visual indication on the program video output when recording is started."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Recording",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInform users in the room that they may be recorded. Also, configure the network to only allow needed systems and/or devices to access the API.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Inform users in the room that they may be recorded. Also, configure the network to only allow needed systems and/or devices to access the API."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
        "assignerShortName": "Crestron",
        "cveId": "CVE-2025-47418",
        "datePublished": "2025-05-06T20:13:38.805Z",
        "dateReserved": "2025-05-06T19:36:18.441Z",
        "dateUpdated": "2025-05-07T14:04:11.178Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-47417 (GCVE-0-2025-47417)

    Vulnerability from nvd – Published: 2025-05-06 19:49 – Updated: 2025-05-08 18:35
    VLAI
    Title
    Enable Debug Images
    Summary
    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. When Enable Debug Images in Crestron Automate VX is active, snapshots of the captured video or portions thereof are stored locally on the system, and there is no visible indication that this is being done. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Crestron Automate VX Affected: 5.6.8161.21536 , ≤ 6.4.0.49 (custom)
    Date Public
    2025-04-23 19:48
    Credits
    Crestron Electronics Inc

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-47417",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T18:34:55.584949Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-08T18:35:06.098Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Automate VX",
              "vendor": "Crestron",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "6.4.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "6.4.0.49",
                  "status": "affected",
                  "version": "5.6.8161.21536",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Crestron Electronics Inc"
            }
          ],
          "datePublic": "2025-04-23T19:48:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse.\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eWhen Enable Debug Images in Crestron Automate VX is active, snapshots of the captured video or portions thereof are stored locally on the system, and there is no visible indication that this is being done.\u003c/span\u003e\n\n\u003cbr\u003e\u003cp\u003eThis issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.\u003c/p\u003e"
                }
              ],
              "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse.\n\n\n\nWhen Enable Debug Images in Crestron Automate VX is active, snapshots of the captured video or portions thereof are stored locally on the system, and there is no visible indication that this is being done.\n\n\nThis issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-212",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-212 Functionality Misuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-06T19:49:09.288Z",
            "orgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
            "shortName": "Crestron"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.crestron.com"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.crestron.com/Software-Firmware/Software/Automate-VX-Software/6-4-1-8"
            },
            {
              "url": "https://www.crestron.com/release_notes/automate_vx_6.4.1.8_release_notes.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Crestron recommends updating the software to firmware version\u0026nbsp;6.4.1.8 or higher. The\u0026nbsp;firmware update automatically disables the Enable Debug Images Mode on system startup and reboot (which occurs daily), or if manually disabled, whichever occurs first, and automatically deletes captured images in 24 hours.  While active, a visual overlay is applied to the program video output indicating Debug Images Enabled."
                }
              ],
              "value": "Crestron recommends updating the software to firmware version\u00a06.4.1.8 or higher. The\u00a0firmware update automatically disables the Enable Debug Images Mode on system startup and reboot (which occurs daily), or if manually disabled, whichever occurs first, and automatically deletes captured images in 24 hours.  While active, a visual overlay is applied to the program video output indicating Debug Images Enabled."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Enable Debug Images",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDeactivate Enable Debug Images and delete stored images.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Deactivate Enable Debug Images and delete stored images."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
        "assignerShortName": "Crestron",
        "cveId": "CVE-2025-47417",
        "datePublished": "2025-05-06T19:49:09.288Z",
        "dateReserved": "2025-05-06T19:36:18.441Z",
        "dateUpdated": "2025-05-08T18:35:06.098Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-47415 (GCVE-0-2025-47415)

    Vulnerability from cvelistv5 – Published: 2025-09-09 19:20 – Updated: 2025-09-10 15:47
    VLAI
    Title
    RECWAVE Filepath Traversal
    Summary
    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CRESTRON TOUCHSCREENS x70 allows Relative Path Traversal. This issue affects TOUCHSCREENS x70: from 3.000.0110.001 before 3.001.0031.001. Confirmed affected hardware: TSW-760, TSW-1060. Confirmed affected firmware: 3.002.1061 (no fix released, product discontinued). For x70, the affected firmware is 3.000.0110.001 and versions below; the fixed firmware is 3.001.0031.001.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    CRESTRON TOUCHSCREENS x60, x70 series Affected: 3.000.0110.001 , < 3.001.0031.001 (custom)
    Date Public
    2025-06-09 18:54
    Credits
    IBM

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-47415",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-10T15:41:57.276783Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-10T15:47:05.306Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TOUCHSCREENS x60, x70 series",
              "vendor": "CRESTRON",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "3.001.0031.001",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "3.001.0031.001",
                  "status": "affected",
                  "version": "3.000.0110.001",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "IBM"
            }
          ],
          "datePublic": "2025-06-09T18:54:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in CRESTRON TOUCHSCREENS x70 allows Relative Path Traversal.\u003cp\u003eThis issue affects TOUCHSCREENS x70: from 3.000.0110.001 before 3.001.0031.001.\u003cbr\u003e\u003cbr\u003e\n\n\u003c/p\u003e\u003cdiv\u003e\u003cp\u003e\u003c/p\u003e\u003c/div\u003e\n\n\u003cdiv\u003e\u003cp\u003eConfirmed Affected Hardware:\u202fTSW-760, TSW-1060 \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eConfirmed Affected Firmware:\u202f3.002.1061\u003c/span\u003e\u0026nbsp;- \u003ci\u003e(no fix released, product discontinued)\u003c/i\u003e\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eFor x70\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eThe Affected Firmware:- 3.000.0110.001 \u202fand versions below \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eThe Fixed Firmware:- 3.001.0031.001 \u003c/p\u003e\u003c/div\u003e\n\n\u003cdiv\u003e\u003cp\u003e \u003c/p\u003e\u003c/div\u003e\n\n\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in CRESTRON TOUCHSCREENS x70 allows Relative Path Traversal.This issue affects TOUCHSCREENS x70: from 3.000.0110.001 before 3.001.0031.001.\n\n\n\n\n\n\n\n\n\n\n\nConfirmed Affected Hardware:\u202fTSW-760, TSW-1060 \n\n\n\nConfirmed Affected Firmware:\u202f3.002.1061\u00a0- (no fix released, product discontinued)\n\n\n\n\u00a0\n\nFor x70\u202f\u00a0\n\n\n\nThe Affected Firmware:- 3.000.0110.001 \u202fand versions below \n\n\n\nThe Fixed Firmware:- 3.001.0031.001"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-139",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-139 Relative Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T19:20:35.244Z",
            "orgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
            "shortName": "Crestron"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.crestron.com"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-TS-1070-TSS-770-TSS-1070-TSW-570/3-002-0040-001"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "RECWAVE Filepath Traversal",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
        "assignerShortName": "Crestron",
        "cveId": "CVE-2025-47415",
        "datePublished": "2025-09-09T19:20:35.244Z",
        "dateReserved": "2025-05-06T19:36:18.439Z",
        "dateUpdated": "2025-09-10T15:47:05.306Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-47416 (GCVE-0-2025-47416)

    Vulnerability from cvelistv5 – Published: 2025-09-09 13:52 – Updated: 2025-09-09 14:06
    VLAI
    Title
    ConsoleFindCommandMatchList
    Summary
    A vulnerability exists in the ConsoleFindCommandMatchList function in libsymproc.so, imported by ctpd, that may lead to unauthorized execution of an attacker-defined file that gets prioritized by ConsoleFindCommandMatchList. A third-party researcher discovered that ConsoleFindCommandMatchList enumerates the /dev/shm/symproc/c directory in alphabetical order to identify console commands. Permission levels are inferred from the integer values present in each command's file name. Confirmed affected hardware: TSW-760, TSW-1060. Confirmed affected firmware: 3.002.1061. Fixed firmware: no fix released (product is discontinued and end of life). For x70: affected firmware: 3.000.0110.001 and versions below; fixed firmware: 3.001.0031.001.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    CRESTRON TOUCHSCREEN x70 Affected: 3.000.0110.001 , < 3.001.0031.001 (custom)
    CRESTRON Touchscreen x60s Affected: 3.002.1061
    Date Public
    2025-06-09 13:21
    Credits
    IBM

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-47416",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-09T14:06:09.910159Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-09T14:06:41.093Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TOUCHSCREEN x70",
              "vendor": "CRESTRON",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "3.001.0031.001",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "3.001.0031.001",
                  "status": "affected",
                  "version": "3.000.0110.001",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Touchscreen x60s",
              "vendor": "CRESTRON",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.002.1061"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "IBM"
            }
          ],
          "datePublic": "2025-06-09T13:21:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability exists in the ConsoleFindCommandMatchList\u202ffunction in libsymproc. so\u202fimported by ctpd that may lead to unauthorized execution of an attacker-defined file that gets prioritized by the ConsoleFindCommandMatchList.\u003cbr\u003e\u003cbr\u003e\n\nA third-party researcher discovered that the ConsoleFindCommandMatchList\u202fenumerates the /dev/shm/symproc/c directory in alphabetical order to identify console commands. Permission levels are inferred from the integer values present in each command\u0027s file name.\u0026nbsp;\u003cbr\u003e\u003cbr\u003e\n\n\u003cdiv\u003e\u003cp\u003eConfirmed Affected Hardware:\u202fTSW-760, TSW-1060 \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(239, 250, 102);\"\u003eConfirmed Affected Firmware:\u202f3.002.1061\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eFixed Firmware: no fixed released\u0026nbsp;\u003ci\u003e(product is discontinued and end of life)\u003c/i\u003e\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eFor x70\u202f\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eThe Affected Firmware:- 3.000.0110.001 \u202fand versions below \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eThe Fixed Firmware:- 3.001.0031.001\u003c/p\u003e\u003c/div\u003e\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability exists in the ConsoleFindCommandMatchList\u202ffunction in libsymproc. so\u202fimported by ctpd that may lead to unauthorized execution of an attacker-defined file that gets prioritized by the ConsoleFindCommandMatchList.\n\n\n\nA third-party researcher discovered that the ConsoleFindCommandMatchList\u202fenumerates the /dev/shm/symproc/c directory in alphabetical order to identify console commands. Permission levels are inferred from the integer values present in each command\u0027s file name.\u00a0\n\n\n\nConfirmed Affected Hardware:\u202fTSW-760, TSW-1060 \n\n\n\nConfirmed Affected Firmware:\u202f3.002.1061\u00a0\n\n\n\nFixed Firmware: no fixed released\u00a0(product is discontinued and end of life)\n\n\n\n\u00a0\n\n\n\nFor x70\u202f\u00a0\n\n\n\nThe Affected Firmware:- 3.000.0110.001 \u202fand versions below \n\n\n\nThe Fixed Firmware:- 3.001.0031.001"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-43",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-43 Exploiting Multiple Input Interpretation Layers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-697",
                  "description": "CWE-697 Incorrect Comparison",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-09T13:52:45.855Z",
            "orgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
            "shortName": "Crestron"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.crestron.com"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-TS-1070-TSS-770-TSS-1070-TSW-570/3-002-0040-001"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "ConsoleFindCommandMatchList",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
        "assignerShortName": "Crestron",
        "cveId": "CVE-2025-47416",
        "datePublished": "2025-09-09T13:52:45.855Z",
        "dateReserved": "2025-05-06T19:36:18.440Z",
        "dateUpdated": "2025-09-09T14:06:41.093Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-47421 (GCVE-0-2025-47421)

    Vulnerability from cvelistv5 – Published: 2025-09-03 13:49 – Updated: 2025-09-03 13:59
    VLAI
    Title
    Privilege escalation via SCP login
    Summary
    Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection. This issue affects TOUCHSCREENS x70: from 3.001.0031.001 through 3.001.0034.001. A specially crafted SCP command sent via SSH login string can allow a valid administrator user to gain Privileged Operating System access on the device. The following product models are affected: TSW-x70, TSW-x60, TST-1080, AM-3000/3100/3200, Soundbar VB70, HD-PS622/621/402, HD-TXU-RXU-4kZ-211, HD-MDNXM-4KZ-E. *Note: additional firmware updates will be published once made available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
    Assigner
    Impacted products
    Vendor Product Version
    CRESTRON TOUCHSCREENS x70 Affected: 3.001.0031.001 , < 3.001.0034.001 (custom)
    Date Public
    2025-07-25 13:24
    Credits
    Frank Slezak

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-47421",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-03T13:59:12.682369Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-03T13:59:32.186Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TOUCHSCREENS x70",
              "vendor": "CRESTRON",
              "versions": [
                {
                  "lessThan": "3.001.0034.001",
                  "status": "affected",
                  "version": "3.001.0031.001",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Frank Slezak"
            }
          ],
          "datePublic": "2025-07-25T13:24:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection.\u003cp\u003eThis issue affects TOUCHSCREENS x70: from 3.001.0031.001 through 3.001.0034.001.\u003cbr\u003e\u003cbr\u003eA specially crafted SCP command sent via SSH login string can lead a valid administrator user to gain Privileged Operating System access on the device.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eFollowing Products Models are affected:\u003cbr\u003e\u003cbr\u003eTSW-x70 \u003cbr\u003eTSW-x60 \u003cbr\u003eTST-1080\u003cbr\u003eAM-3000/3100/3200\u003cbr\u003eSoundbar VB70\u003cbr\u003eHD-PS622/621/402\u003cbr\u003eHD-TXU-RXU-4kZ-211\u003cbr\u003eHD-MDNXM-4KZ-E\u003cbr\u003e\u003cbr\u003e*Note: additional firmware updates will be published once made available\u003cbr\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027) vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection. This issue affects TOUCHSCREENS x70: from 3.001.0031.001 through 3.001.0034.001.\n\nA specially crafted SCP command sent via SSH login string can lead a valid administrator user to gain Privileged Operating System access on the device.\n\n\nFollowing Products Models are affected:\n\nTSW-x70 \nTSW-x60 \nTST-1080\nAM-3000/3100/3200\nSoundbar VB70\nHD-PS622/621/402\nHD-TXU-RXU-4kZ-211\nHD-MDNXM-4KZ-E\n\n*Note: additional firmware updates will be published once made available"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-6",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-6 Argument Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-88",
                  "description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-03T13:49:40.856Z",
            "orgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
            "shortName": "Crestron"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.crestron.com"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-TS-1070-TSS-770-TSS-1070-TSW-570/3-002-0040-001"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.crestron.com/release_notes/tsw-xx70_3.002.0040.001_release_notes.pdf"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Privilege escalation via SCP login",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
        "assignerShortName": "Crestron",
        "cveId": "CVE-2025-47421",
        "datePublished": "2025-09-03T13:49:40.856Z",
        "dateReserved": "2025-05-06T19:36:18.441Z",
        "dateUpdated": "2025-09-03T13:59:32.186Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-47420 (GCVE-0-2025-47420)

    Vulnerability from cvelistv5 – Published: 2025-05-06 21:33 – Updated: 2025-05-07 14:03
    VLAI
    Title
    User Permissions on Network API
    Summary
    266 vulnerability in Crestron Automate VX allows Privilege Escalation. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Crestron Automate VX Affected: 5.6.8161.21536 , ≤ 6.4.0.49 (custom)
    Date Public
    2025-04-23 21:15
    Credits
    Crestron Electronics Inc

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-47420",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T13:46:20.078463Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T14:03:50.793Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Automate VX",
              "vendor": "Crestron",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "6.4.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "6.4.0.49",
                  "status": "affected",
                  "version": "5.6.8161.21536",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Crestron Electronics Inc"
            }
          ],
          "datePublic": "2025-04-23T21:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "266 vulnerability in Crestron Automate VX allows Privilege Escalation.\u003cp\u003eThis issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.\u003c/p\u003e"
                }
              ],
              "value": "266 vulnerability in Crestron Automate VX allows Privilege Escalation. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-06T21:33:39.188Z",
            "orgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
            "shortName": "Crestron"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.crestron.com/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.crestron.com/Software-Firmware/Software/Automate-VX-Software/6-4-1-8"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.crestron.com/release_notes/automate_vx_6.4.1.8_release_notes.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Crestron recommends updating to firmware version 6.4.1.8 or higher. This firmware version applies user permissions to API requests. \u003cbr\u003e"
                }
              ],
              "value": "Crestron recommends updating to firmware version 6.4.1.8 or higher. This firmware version applies user permissions to API requests."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "User Permissions on Network API",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Limit all API usage to users with full permissions.\n\n\u003cbr\u003e"
                }
              ],
              "value": "Limit all API usage to users with full permissions."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
        "assignerShortName": "Crestron",
        "cveId": "CVE-2025-47420",
        "datePublished": "2025-05-06T21:33:39.188Z",
        "dateReserved": "2025-05-06T19:36:18.441Z",
        "dateUpdated": "2025-05-07T14:03:50.793Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-47419 (GCVE-0-2025-47419)

    Vulnerability from cvelistv5 – Published: 2025-05-06 20:52 – Updated: 2025-05-07 14:03
    VLAI
    Title
    Non-Secure Access
    Summary
    Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic. The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    Crestron Automate VX Affected: 5.6.8161.21536 , ≤ 6.4.0.49 (custom)
    Date Public
    2025-04-23 20:47
    Credits
    Crestron Electronics Inc

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-47419",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T13:47:55.617300Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T14:03:57.638Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Automate VX",
              "vendor": "Crestron",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "6.4.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "6.4.0.49",
                  "status": "affected",
                  "version": "5.6.8161.21536",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Crestron Electronics Inc"
            }
          ],
          "datePublic": "2025-04-23T20:47:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic.\u003cbr\u003e\u003cbr\u003eThe device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords.\n\n\u003cbr\u003e\u003cp\u003eThis issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.\u003c/p\u003e"
                }
              ],
              "value": "Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic.\n\nThe device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords.\n\n\nThis issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-158",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-158 Sniffing Network Traffic"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-06T20:52:44.604Z",
            "orgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
            "shortName": "Crestron"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.crestron.com/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.crestron.com/Software-Firmware/Software/Automate-VX-Software/6-4-1-8"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.crestron.com/release_notes/automate_vx_6.4.1.8_release_notes.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eCrestron recommends updating to firmware version 6.4.1.8 or higher. The firmware version disables the use of unsecure ports for the Web UI and API.\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "Crestron recommends updating to firmware version 6.4.1.8 or higher. The firmware version disables the use of unsecure ports for the Web UI and API."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Non-Secure Access",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Protect the device at the physical or network layer using an external firewall to prevent unauthorized configuration.  \u003cbr\u003e"
                }
              ],
              "value": "Protect the device at the physical or network layer using an external firewall to prevent unauthorized configuration."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
        "assignerShortName": "Crestron",
        "cveId": "CVE-2025-47419",
        "datePublished": "2025-05-06T20:52:44.604Z",
        "dateReserved": "2025-05-06T19:36:18.441Z",
        "dateUpdated": "2025-05-07T14:03:57.638Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-47418 (GCVE-0-2025-47418)

    Vulnerability from cvelistv5 – Published: 2025-05-06 20:13 – Updated: 2025-05-07 14:04
    VLAI
    Title
    Recording
    Summary
    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. There is no visible indication when the system is recording and recording can be enabled remotely via a network API. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Crestron Automate VX Affected: 5.6.8161.21536 , ≤ 6.4.0.49 (custom)
    Date Public
    2025-04-23 20:04
    Credits
    Crestron Electronics Inc

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-47418",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T13:46:13.710646Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T14:04:11.178Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Automate VX",
              "vendor": "Crestron",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "6.4.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "6.4.0.49",
                  "status": "affected",
                  "version": "5.6.8161.21536",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Crestron Electronics Inc"
            }
          ],
          "datePublic": "2025-04-23T20:04:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse.\u003cbr\u003e\u003cbr\u003eThere is no visible indication when the system is recording and recording can be enabled remotely via a network API. \u003cbr\u003e\u003cp\u003eThis issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.\u003c/p\u003e"
                }
              ],
              "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse.\n\nThere is no visible indication when the system is recording and recording can be enabled remotely via a network API. \nThis issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-212",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-212 Functionality Misuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-06T20:20:24.812Z",
            "orgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
            "shortName": "Crestron"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.crestron.com/"
            },
            {
              "url": "https://www.crestron.com/Software-Firmware/Software/Automate-VX-Software/6-4-1-8"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.crestron.com/release_notes/automate_vx_6.4.1.8_release_notes.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCrestron recommends updating to firmware version 6.4.1.8 or higher. The firmware version\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eadds \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ea\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e visual\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eindication\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eon \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethe program \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evideo output \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ewhen recording is \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003estarted\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Crestron recommends updating to firmware version 6.4.1.8 or higher. The firmware version\u00a0adds a visual indication on the program video output when recording is started."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Recording",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInform users in the room that they may be recorded. Also, configure the network to only allow needed systems and/or devices to access the API.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Inform users in the room that they may be recorded. Also, configure the network to only allow needed systems and/or devices to access the API."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
        "assignerShortName": "Crestron",
        "cveId": "CVE-2025-47418",
        "datePublished": "2025-05-06T20:13:38.805Z",
        "dateReserved": "2025-05-06T19:36:18.441Z",
        "dateUpdated": "2025-05-07T14:04:11.178Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-47417 (GCVE-0-2025-47417)

    Vulnerability from cvelistv5 – Published: 2025-05-06 19:49 – Updated: 2025-05-08 18:35
    VLAI
    Title
    Enable Debug Images
    Summary
    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. When Enable Debug Images in Crestron Automate VX is active, snapshots of the captured video or portions thereof are stored locally on the system, and there is no visible indication that this is being done. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Crestron Automate VX Affected: 5.6.8161.21536 , ≤ 6.4.0.49 (custom)
    Date Public
    2025-04-23 19:48
    Credits
    Crestron Electronics Inc

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-47417",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T18:34:55.584949Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-08T18:35:06.098Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Automate VX",
              "vendor": "Crestron",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "6.4.1.8",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "6.4.0.49",
                  "status": "affected",
                  "version": "5.6.8161.21536",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Crestron Electronics Inc"
            }
          ],
          "datePublic": "2025-04-23T19:48:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse.\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eWhen Enable Debug Images in Crestron Automate VX is active, snapshots of the captured video or portions thereof are stored locally on the system, and there is no visible indication that this is being done.\u003c/span\u003e\n\n\u003cbr\u003e\u003cp\u003eThis issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.\u003c/p\u003e"
                }
              ],
              "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse.\n\n\n\nWhen Enable Debug Images in Crestron Automate VX is active, snapshots of the captured video or portions thereof are stored locally on the system, and there is no visible indication that this is being done.\n\n\nThis issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-212",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-212 Functionality Misuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-06T19:49:09.288Z",
            "orgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
            "shortName": "Crestron"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.crestron.com"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.crestron.com/Software-Firmware/Software/Automate-VX-Software/6-4-1-8"
            },
            {
              "url": "https://www.crestron.com/release_notes/automate_vx_6.4.1.8_release_notes.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Crestron recommends updating the software to firmware version\u0026nbsp;6.4.1.8 or higher. The\u0026nbsp;firmware update automatically disables the Enable Debug Images Mode on system startup and reboot (which occurs daily), or if manually disabled, whichever occurs first, and automatically deletes captured images in 24 hours.  While active, a visual overlay is applied to the program video output indicating Debug Images Enabled."
                }
              ],
              "value": "Crestron recommends updating the software to firmware version\u00a06.4.1.8 or higher. The\u00a0firmware update automatically disables the Enable Debug Images Mode on system startup and reboot (which occurs daily), or if manually disabled, whichever occurs first, and automatically deletes captured images in 24 hours.  While active, a visual overlay is applied to the program video output indicating Debug Images Enabled."
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Enable Debug Images",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDeactivate Enable Debug Images and delete stored images.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "Deactivate Enable Debug Images and delete stored images."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
        "assignerShortName": "Crestron",
        "cveId": "CVE-2025-47417",
        "datePublished": "2025-05-06T19:49:09.288Z",
        "dateReserved": "2025-05-06T19:36:18.441Z",
        "dateUpdated": "2025-05-08T18:35:06.098Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }