Vulnerabilities > Crestron > AM 100 Firmware > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-30 | CVE-2019-3938 | Use of Hard-coded Credentials vulnerability in Crestron Am-100 Firmware and Am-101 Firmware Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. | 7.8 |
2019-04-30 | CVE-2019-3937 | Cleartext Storage of Sensitive Information vulnerability in Crestron Am-100 Firmware and Am-101 Firmware Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, slideshow passcode, and other configuration options in cleartext in the file /tmp/scfgdndf. | 7.8 |
2019-04-30 | CVE-2019-3936 | Unspecified vulnerability in Crestron Am-100 Firmware and Am-101 Firmware Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 is vulnerable to denial of service via a crafted request to TCP port 389. | 7.5 |
2019-04-30 | CVE-2019-3931 | Argument Injection or Modification vulnerability in Crestron Am-100 Firmware and Am-101 Firmware Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argumention injection to the curl binary via crafted HTTP requests to return.cgi. | 8.8 |