Vulnerabilities > Crestron > High

DATE CVE VULNERABILITY TITLE RISK
2024-01-23 CVE-2023-6926 OS Command Injection vulnerability in Crestron Am-300 Firmware 1.4499.00018
There is an OS command injection vulnerability in Crestron AM-300 firmware version 1.4499.00018 which may enable a user of a limited-access SSH session to escalate their privileges to root-level access.
local
low complexity
crestron CWE-78
7.8
2023-07-17 CVE-2023-38405 Unspecified vulnerability in Crestron products
On Crestron 3-Series Control Systems before 1.8001.0187, crafting and sending a specific BACnet packet can cause a crash.
network
low complexity
crestron
7.5
2022-09-23 CVE-2022-40298 Incorrect Permission Assignment for Critical Resource vulnerability in Crestron Airmedia 4.3.1.39
Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39.
network
low complexity
crestron CWE-732
8.8
2019-04-30 CVE-2019-3938 Use of Hard-coded Credentials vulnerability in Crestron Am-100 Firmware and Am-101 Firmware
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature.
local
low complexity
crestron CWE-798
7.8
2019-01-18 CVE-2019-3910 Unspecified vulnerability in Crestron Airmedia Am-100 Firmware
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script.
network
low complexity
crestron
8.5
2018-06-08 CVE-2018-11229 OS Command Injection vulnerability in Crestron Toolbox Protocol Firmware
Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP).
network
low complexity
crestron CWE-78
7.5
2016-08-03 CVE-2016-5668 Multiple Security vulnerability in Crestron Dm-Txrx-100-Str Firmware 1.2866.00026
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call.
network
low complexity
crestron
7.5
2016-08-03 CVE-2016-5667 Multiple Security vulnerability in Crestron Dm-Txrx-100-Str Firmware 1.2866.00026
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html.
network
low complexity
crestron
7.5