CVE-2017-16709 - Unspecified vulnerability in Crestron Airmedia Am-100 Firmware and Airmedia Am-101 Firmware

CVSS 7.2 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: HIGH
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Tags: network, low complexity, crestron, exploit available, metasploit

Summary

Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allow remote authenticated administrators to execute arbitrary code via unspecified vectors.

Exploit-Db

id: EDB-ID:47353
last seen: 2019-09-05
modified: 2019-09-05
published: 2019-09-05
reporter: Exploit-DB
source: https://www.exploit-db.com/download/47353
title: AwindInc SNMP Service - Command Injection (Metasploit)

Metasploit

description: This module exploits a vulnerability found in AwindInc and OEM'ed products where untrusted inputs are fed to ftpfw.sh system command, leading to command injection. A valid SNMP read-write community is required to exploit this vulnerability. The following devices are known to be affected by this issue:
* Crestron Airmedia AM-100 <= version 1.5.0.4
* Crestron Airmedia AM-101 <= version 2.5.0.12
* Awind WiPG-1600w <= version 2.0.1.8
* Awind WiPG-2000d <= version 2.1.6.2
* Barco wePresent 2000 <= version 2.1.5.7
* Newline Trucast 2 <= version 2.1.0.5
* Newline Trucast 3 <= version 2.1.3.7
id: MSF:EXPLOIT/LINUX/SNMP/AWIND_SNMP_EXEC
last seen: 2020-06-12
modified: 2019-09-04
published: 2018-09-11
references:
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/snmp/awind_snmp_exec.rb
title: AwindInc SNMP Service Command Injection

Packetstorm

data source: https://packetstormsecurity.com/files/download/154362/awind_snmp_exec.rb.txt
id: PACKETSTORM:154362
last seen: 2019-09-07
published: 2019-09-04
reporter: Quentin Kaiser
source: https://packetstormsecurity.com/files/154362/AwindInc-SNMP-Service-Command-Injection.html
title: AwindInc SNMP Service Command Injection