Vulnerabilities (CVE)

Filtered by vendor Crestron Subscribe
Filtered by product Airmedia Am-100
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-3910 1 Crestron 2 Airmedia Am-100, Airmedia Am-100 Firmware 2024-11-21 8.5 HIGH 9.1 CRITICAL
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.
CVE-2017-16710 1 Crestron 4 Airmedia Am-100, Airmedia Am-100 Firmware, Airmedia Am-101 and 1 more 2024-11-21 3.5 LOW 4.8 MEDIUM
Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-16709 1 Crestron 4 Airmedia Am-100, Airmedia Am-100 Firmware, Airmedia Am-101 and 1 more 2024-11-21 6.5 MEDIUM 7.2 HIGH
Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors.
CVE-2016-5640 1 Crestron 2 Airmedia Am-100, Airmedia Am-100 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the ATE_COMMAND parameter.
CVE-2016-5639 1 Crestron 2 Airmedia Am-100, Airmedia Am-100 Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter.