Vulnerabilities > Crestron
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-30 | CVE-2019-3938 | Use of Hard-coded Credentials vulnerability in Crestron Am-100 Firmware and Am-101 Firmware Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. | 7.8 |
2019-04-30 | CVE-2019-3937 | Cleartext Storage of Sensitive Information vulnerability in Crestron Am-100 Firmware and Am-101 Firmware Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, slideshow passcode, and other configuration options in cleartext in the file /tmp/scfgdndf. | 7.8 |
2019-04-30 | CVE-2019-3936 | Unspecified vulnerability in Crestron Am-100 Firmware and Am-101 Firmware Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 is vulnerable to denial of service via a crafted request to TCP port 389. | 7.5 |
2019-04-30 | CVE-2019-3935 | Unspecified vulnerability in Crestron Am-100 Firmware and Am-101 Firmware Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to act as a moderator to a slide show via crafted HTTP POST requests to conference.cgi. | 9.1 |
2019-04-30 | CVE-2019-3934 | Forced Browsing vulnerability in Crestron Am-100 Firmware and Am-101 Firmware Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code sending a crafted HTTP POST request to login.cgi. | 5.3 |
2019-04-30 | CVE-2019-3933 | Forced Browsing vulnerability in Crestron Am-100 Firmware and Am-101 Firmware Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code simply by requesting /images/browserslide.jpg via HTTP. | 5.3 |
2019-04-30 | CVE-2019-3932 | Use of Hard-coded Credentials vulnerability in Crestron Am-100 Firmware and Am-101 Firmware Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. | 9.8 |
2019-04-30 | CVE-2019-3931 | Argument Injection or Modification vulnerability in Crestron Am-100 Firmware and Am-101 Firmware Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argumention injection to the curl binary via crafted HTTP requests to return.cgi. | 8.8 |
2019-04-30 | CVE-2019-3930 | Out-of-bounds Write vulnerability in multiple products The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to a stack buffer overflow in libAwgCgi.so's PARSERtoCHAR function. | 9.8 |
2019-04-30 | CVE-2019-3929 | OS Command Injection vulnerability in multiple products The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. | 9.8 |