CVE-2017-16709 - Unspecified vulnerability in Crestron Airmedia Am-100 Firmware and Airmedia Am-101 Firmware
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | HIGH |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allow remote authenticated administrators to execute arbitrary code via unspecified vectors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 4 |
Hardware | | 2 |
Exploit-Db
id | EDB-ID:47353 |
last seen | 2019-09-05 |
modified | 2019-09-05 |
published | 2019-09-05 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/47353 |
title | AwindInc SNMP Service - Command Injection (Metasploit) |
Metasploit
description | This module exploits a vulnerability found in AwindInc and OEM'ed products where untrusted inputs are fed to ftpfw.sh system command, leading to command injection. A valid SNMP read-write community is required to exploit this vulnerability. The following devices are known to be affected by this issue: * Crestron Airmedia AM-100 <= version 1.5.0.4 * Crestron Airmedia AM-101 <= version 2.5.0.12 * Awind WiPG-1600w <= version 2.0.1.8 * Awind WiPG-2000d <= version 2.1.6.2 * Barco wePresent 2000 <= version 2.1.5.7 * Newline Trucast 2 <= version 2.1.0.5 * Newline Trucast 3 <= version 2.1.3.7 |
id | MSF:EXPLOIT/LINUX/SNMP/AWIND_SNMP_EXEC |
last seen | 2020-06-12 |
modified | 2019-09-04 |
published | 2018-09-11 |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/snmp/awind_snmp_exec.rb |
title | AwindInc SNMP Service Command Injection |
Packetstorm
data source | https://packetstormsecurity.com/files/download/154362/awind_snmp_exec.rb.txt |
id | PACKETSTORM:154362 |
last seen | 2019-09-07 |
published | 2019-09-04 |
reporter | Quentin Kaiser |
source | https://packetstormsecurity.com/files/154362/AwindInc-SNMP-Service-Command-Injection.html |
title | AwindInc SNMP Service Command Injection |
References
- http://packetstormsecurity.com/files/154362/AwindInc-SNMP-Service-Command-Injection.html
- https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE-2017-16709
- https://www.tenable.com/security/research/tra-2019-20