Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.
References
Link | Resource |
---|---|
https://www.tenable.com/security/research/tra-2019-02 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2019-01-18 18:29
Updated : 2024-02-28 16:48
NVD link : CVE-2019-3910
Mitre link : CVE-2019-3910
CVE.ORG link : CVE-2019-3910
JSON object : View
Products Affected
crestron
- airmedia_am-100
- airmedia_am-100_firmware
CWE