Vulnerabilities > Crestron > Airmedia AM 100 Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-18 | CVE-2019-3910 | Unspecified vulnerability in Crestron Airmedia Am-100 Firmware 1.2.1/1.4.0.12/1.6.0 Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. | 9.1 |
| 2018-07-11 | CVE-2017-16710 | Cross-site Scripting vulnerability in Crestron Airmedia Am-100 Firmware and Airmedia Am-101 Firmware Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.8 |
| 2018-07-11 | CVE-2017-16709 | Unspecified vulnerability in Crestron Airmedia Am-100 Firmware and Airmedia Am-101 Firmware Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors. | 7.2 |
| 2016-08-03 | CVE-2016-5640 | Command Injection vulnerability in Crestron Airmedia Am-100 Firmware 1.2.1 Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. | 9.8 |
| 2016-08-03 | CVE-2016-5639 | Path Traversal vulnerability in Crestron Airmedia Am-100 Firmware 1.2.1/1.4.0.12 Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. | 7.5 |