Vulnerabilities > Crestron > Airmedia AM 100 Firmware

DATE CVE VULNERABILITY TITLE RISK
2019-01-18 CVE-2019-3910 Unspecified vulnerability in Crestron Airmedia Am-100 Firmware 1.2.1/1.4.0.12/1.6.0
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script.
network
low complexity
crestron
critical
9.1
2018-07-11 CVE-2017-16710 Cross-site Scripting vulnerability in Crestron Airmedia Am-100 Firmware and Airmedia Am-101 Firmware
Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
crestron CWE-79
4.8
2018-07-11 CVE-2017-16709 Unspecified vulnerability in Crestron Airmedia Am-100 Firmware and Airmedia Am-101 Firmware
Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors.
network
low complexity
crestron
7.2
2016-08-03 CVE-2016-5640 Command Injection vulnerability in Crestron Airmedia Am-100 Firmware 1.2.1
Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a ..
network
low complexity
crestron CWE-77
critical
9.8
2016-08-03 CVE-2016-5639 Path Traversal vulnerability in Crestron Airmedia Am-100 Firmware 1.2.1/1.4.0.12
Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a ..
network
low complexity
crestron CWE-22
7.5