Vulnerabilities > Crestron > AM 100 Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2019-04-30 CVE-2019-3938 Use of Hard-coded Credentials vulnerability in Crestron Am-100 Firmware and Am-101 Firmware
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature.
local
low complexity
crestron CWE-798
7.8
2019-04-30 CVE-2019-3937 Cleartext Storage of Sensitive Information vulnerability in Crestron Am-100 Firmware and Am-101 Firmware
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, slideshow passcode, and other configuration options in cleartext in the file /tmp/scfgdndf.
local
low complexity
crestron CWE-312
7.8
2019-04-30 CVE-2019-3936 Unspecified vulnerability in Crestron Am-100 Firmware and Am-101 Firmware
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 is vulnerable to denial of service via a crafted request to TCP port 389.
network
low complexity
crestron
7.5
2019-04-30 CVE-2019-3931 Argument Injection or Modification vulnerability in Crestron Am-100 Firmware and Am-101 Firmware
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argumention injection to the curl binary via crafted HTTP requests to return.cgi.
network
low complexity
crestron CWE-88
8.8