Vulnerabilities > Crestron > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-11-27 CVE-2019-18184 OS Command Injection vulnerability in Crestron Dmc-Stro Firmware 1.0
Crestron DMC-STRO 1.0 devices allow remote command execution as root via shell metacharacters to the ping function.
network
low complexity
crestron CWE-78
critical
10.0
2019-04-30 CVE-2019-3939 Use of Hard-coded Credentials vulnerability in Crestron Am-100 Firmware and Am-101 Firmware
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface.
network
low complexity
crestron CWE-798
critical
9.8
2019-04-30 CVE-2019-3935 Unspecified vulnerability in Crestron Am-100 Firmware and Am-101 Firmware
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to act as a moderator to a slide show via crafted HTTP POST requests to conference.cgi.
network
low complexity
crestron
critical
9.1
2019-04-30 CVE-2019-3932 Use of Hard-coded Credentials vulnerability in Crestron Am-100 Firmware and Am-101 Firmware
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi.
network
low complexity
crestron CWE-798
critical
9.8
2019-04-30 CVE-2019-3931 Argument Injection or Modification vulnerability in Crestron Am-100 Firmware and Am-101 Firmware
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argumention injection to the curl binary via crafted HTTP requests to return.cgi.
network
low complexity
crestron CWE-88
critical
9.0
2019-04-30 CVE-2019-3930 Out-of-bounds Write vulnerability in multiple products
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to a stack buffer overflow in libAwgCgi.so's PARSERtoCHAR function.
network
low complexity
crestron barco extron teqavit sharp optoma blackbox infocus CWE-787
critical
10.0
2019-04-30 CVE-2019-3929 OS Command Injection vulnerability in multiple products
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint.
network
low complexity
crestron barco extron teqavit sharp optoma blackbox infocus CWE-78
critical
10.0
2019-04-30 CVE-2019-3926 OS Command Injection vulnerability in Crestron Am-100 Firmware and Am-101 Firmware
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.14.1.
network
low complexity
crestron CWE-78
critical
10.0
2019-04-30 CVE-2019-3925 OS Command Injection vulnerability in Crestron Am-100 Firmware and Am-101 Firmware
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.9.3.
network
low complexity
crestron CWE-78
critical
10.0
2018-08-10 CVE-2018-10630 Improper Authentication vulnerability in Crestron MC3 Firmware and Tsw-X60 Firmware
For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it.
network
low complexity
crestron CWE-287
critical
10.0