Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.
References
Link | Resource |
---|---|
https://www.tenable.com/security/research/tra-2019-02 | Exploit Third Party Advisory |
https://www.tenable.com/security/research/tra-2019-02 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 04:42
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.tenable.com/security/research/tra-2019-02 - Exploit, Third Party Advisory |
Information
Published : 2019-01-18 18:29
Updated : 2024-11-21 04:42
NVD link : CVE-2019-3910
Mitre link : CVE-2019-3910
CVE.ORG link : CVE-2019-3910
JSON object : View
Products Affected
crestron
- airmedia_am-100_firmware
- airmedia_am-100
CWE