CVE-2019-18184

Crestron DMC-STRO 1.0 devices allow remote command execution as root via shell metacharacters to the ping function.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:crestron:dmc-stro_firmware:1.0:*:*:*:*:*:*:*
cpe:2.3:h:crestron:dmc-stro:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:32

Type Values Removed Values Added
References () https://www.crestron.com/en-US/Products/Video/DigitalMedia-Modular-Matrix/Output-Cards-Blades/DMC-STRO - Product () https://www.crestron.com/en-US/Products/Video/DigitalMedia-Modular-Matrix/Output-Cards-Blades/DMC-STRO - Product
References () https://www.quantumleap.it/crestron-dmc-stro-remote-root-rce/ - Exploit, Third Party Advisory () https://www.quantumleap.it/crestron-dmc-stro-remote-root-rce/ - Exploit, Third Party Advisory
References () https://www.quantumleap.it/news/advisory/ - Third Party Advisory () https://www.quantumleap.it/news/advisory/ - Third Party Advisory

10 Feb 2022, 16:06

Type Values Removed Values Added
CPE cpe:2.3:o:creston:dmc-stro_firmware:1.0:*:*:*:*:*:*:*
cpe:2.3:h:creston:dmc-stro:-:*:*:*:*:*:*:*
cpe:2.3:o:crestron:dmc-stro_firmware:1.0:*:*:*:*:*:*:*
cpe:2.3:h:crestron:dmc-stro:-:*:*:*:*:*:*:*

Information

Published : 2019-11-27 16:15

Updated : 2024-11-21 04:32


NVD link : CVE-2019-18184

Mitre link : CVE-2019-18184

CVE.ORG link : CVE-2019-18184


JSON object : View

Products Affected

crestron

  • dmc-stro
  • dmc-stro_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')