Vulnerabilities > Crestron > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-23 | CVE-2023-6926 | OS Command Injection vulnerability in Crestron Am-300 Firmware 1.4499.00018 There is an OS command injection vulnerability in Crestron AM-300 firmware version 1.4499.00018 which may enable a user of a limited-access SSH session to escalate their privileges to root-level access. | 7.8 |
| 2023-07-17 | CVE-2023-38405 | Unspecified vulnerability in Crestron products On Crestron 3-Series Control Systems before 1.8001.0187, crafting and sending a specific BACnet packet can cause a crash. | 7.5 |
| 2022-09-23 | CVE-2022-40298 | Incorrect Permission Assignment for Critical Resource vulnerability in Crestron Airmedia 4.3.1.39 Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. | 8.8 |
| 2019-04-30 | CVE-2019-3938 | Use of Hard-coded Credentials vulnerability in Crestron Am-100 Firmware and Am-101 Firmware Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. | 7.8 |
| 2019-01-18 | CVE-2019-3910 | Unspecified vulnerability in Crestron Airmedia Am-100 Firmware Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. | 8.5 |
| 2018-06-08 | CVE-2018-11229 | OS Command Injection vulnerability in Crestron Toolbox Protocol Firmware Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP). | 7.5 |
| 2016-08-03 | CVE-2016-5668 | Multiple Security vulnerability in Crestron Dm-Txrx-100-Str Firmware 1.2866.00026 Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call. | 7.5 |
| 2016-08-03 | CVE-2016-5667 | Multiple Security vulnerability in Crestron Dm-Txrx-100-Str Firmware 1.2866.00026 Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html. | 7.5 |