Vulnerabilities > CVE-2017-16709 - Unspecified vulnerability in Crestron Airmedia Am-100 Firmware and Airmedia Am-101 Firmware

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

crestron

exploit available

metasploit

NVD

Published: 2018-07-11

Updated: 2019-10-03

Summary

Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
OS	Crestron Crestron Airmedia AM 100 Firmware - Crestron Airmedia AM 100 Firmware 1.2.1 Crestron Airmedia AM 100 Firmware 1.4.0.12 Crestron Airmedia AM 101 Firmware -	4
Hardware	Crestron Crestron Airmedia AM 100 - Crestron Airmedia AM 101 -	2

Exploit-Db

id	EDB-ID:47353
last seen	2019-09-05
modified	2019-09-05
published	2019-09-05
reporter	Exploit-DB
source	https://www.exploit-db.com/download/47353
title	AwindInc SNMP Service - Command Injection (Metasploit)

Metasploit

description	This module exploits a vulnerability found in AwindInc and OEM'ed products where untrusted inputs are fed to ftpfw.sh system command, leading to command injection. A valid SNMP read-write community is required to exploit this vulnerability. The following devices are known to be affected by this issue: * Crestron Airmedia AM-100 <= version 1.5.0.4 * Crestron Airmedia AM-101 <= version 2.5.0.12 * Awind WiPG-1600w <= version 2.0.1.8 * Awind WiPG-2000d <= version 2.1.6.2 * Barco wePresent 2000 <= version 2.1.5.7 * Newline Trucast 2 <= version 2.1.0.5 * Newline Trucast 3 <= version 2.1.3.7
id	MSF:EXPLOIT/LINUX/SNMP/AWIND_SNMP_EXEC
last seen	2020-06-12
modified	2019-09-04
published	2018-09-11
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16709 https://github.com/QKaiser/awind-research https://qkaiser.github.io/pentesting/2019/03/27/awind-device-vrd/
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/snmp/awind_snmp_exec.rb
title	AwindInc SNMP Service Command Injection

Packetstorm

data source	https://packetstormsecurity.com/files/download/154362/awind_snmp_exec.rb.txt
id	PACKETSTORM:154362
last seen	2019-09-07
published	2019-09-04
reporter	Quentin Kaiser
source	https://packetstormsecurity.com/files/154362/AwindInc-SNMP-Service-Command-Injection.html
title	AwindInc SNMP Service Command Injection

Summary

Vulnerable Configurations

Exploit-Db

Metasploit

Packetstorm

References