Vulnerabilities > Crestron > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-07-30 CVE-2020-16839 Improper Authentication vulnerability in Crestron products
On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request.
network
low complexity
crestron CWE-287
5.0
2019-04-30 CVE-2019-3936 Unspecified vulnerability in Crestron Am-100 Firmware and Am-101 Firmware
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 is vulnerable to denial of service via a crafted request to TCP port 389.
network
low complexity
crestron
5.0
2019-04-30 CVE-2019-3934 Forced Browsing vulnerability in Crestron Am-100 Firmware and Am-101 Firmware
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code sending a crafted HTTP POST request to login.cgi.
network
low complexity
crestron CWE-425
5.0
2019-04-30 CVE-2019-3933 Forced Browsing vulnerability in Crestron Am-100 Firmware and Am-101 Firmware
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code simply by requesting /images/browserslide.jpg via HTTP.
network
low complexity
crestron CWE-425
5.0
2019-04-30 CVE-2019-3928 Unspecified vulnerability in Crestron Am-100 Firmware and Am-101 Firmware
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the iso.3.6.1.4.1.3212.100.3.2.7.4 OIDs.
network
low complexity
crestron
5.3
2019-04-30 CVE-2019-3927 Improper Authentication vulnerability in Crestron Am-100 Firmware and Am-101 Firmware
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs.
network
low complexity
crestron CWE-287
5.0
2018-08-10 CVE-2018-13341 Unspecified vulnerability in Crestron MC3 Firmware and Tsw-X60 Firmware
Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges.
network
low complexity
crestron
4.0
2018-07-11 CVE-2017-16709 Unspecified vulnerability in Crestron Airmedia Am-100 Firmware and Airmedia Am-101 Firmware
Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors.
network
low complexity
crestron
6.5
2016-08-03 CVE-2016-5671 Cross-Site Request Forgery (CSRF) vulnerability in Crestron Dm-Txrx-100-Str Firmware
Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of arbitrary users.
network
crestron CWE-352
6.8
2016-08-03 CVE-2016-5669 Multiple Security vulnerability in Crestron Dm-Txrx-100-Str Firmware 1.2866.00026
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging the certificate's trust relationship.
network
low complexity
crestron
5.0