Vulnerabilities > Crestron > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-30 | CVE-2020-16839 | Improper Authentication vulnerability in Crestron products On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request. | 5.0 |
| 2019-04-30 | CVE-2019-3936 | Unspecified vulnerability in Crestron Am-100 Firmware and Am-101 Firmware Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 is vulnerable to denial of service via a crafted request to TCP port 389. | 5.0 |
| 2019-04-30 | CVE-2019-3934 | Forced Browsing vulnerability in Crestron Am-100 Firmware and Am-101 Firmware Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code sending a crafted HTTP POST request to login.cgi. | 5.0 |
| 2019-04-30 | CVE-2019-3933 | Forced Browsing vulnerability in Crestron Am-100 Firmware and Am-101 Firmware Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code simply by requesting /images/browserslide.jpg via HTTP. | 5.0 |
| 2019-04-30 | CVE-2019-3928 | Unspecified vulnerability in Crestron Am-100 Firmware and Am-101 Firmware Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the iso.3.6.1.4.1.3212.100.3.2.7.4 OIDs. | 5.3 |
| 2019-04-30 | CVE-2019-3927 | Improper Authentication vulnerability in Crestron Am-100 Firmware and Am-101 Firmware Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. | 5.0 |
| 2018-08-10 | CVE-2018-13341 | Unspecified vulnerability in Crestron MC3 Firmware and Tsw-X60 Firmware Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. | 4.0 |
| 2018-07-11 | CVE-2017-16709 | Unspecified vulnerability in Crestron Airmedia Am-100 Firmware and Airmedia Am-101 Firmware Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors. | 6.5 |
| 2016-08-03 | CVE-2016-5671 | Cross-Site Request Forgery (CSRF) vulnerability in Crestron Dm-Txrx-100-Str Firmware Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of arbitrary users. | 6.8 |
| 2016-08-03 | CVE-2016-5669 | Multiple Security vulnerability in Crestron Dm-Txrx-100-Str Firmware 1.2866.00026 Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging the certificate's trust relationship. | 5.0 |