CVE-2016-5667
Description
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Crestron DM-TXRX-100-STR devices before firmware 1.3039.00040 allow unauthenticated access to web interface pages other than index.html.
Vulnerability
The Crestron DM-TXRX-100-STR streaming encoder/decoder devices running firmware versions prior to 1.3039.00040 implement client-side authentication only for the index.html page. This allows an attacker to bypass authentication by directly requesting any other URI on the device's web management interface [1].
Exploitation
An attacker with network access to the device can send a direct HTTP request to any URI other than index.html (e.g., configuration pages or API endpoints) without providing any credentials. No user interaction or prior authentication is required [1].
Impact
Successful exploitation grants the attacker unauthenticated access to the device's web interface, potentially enabling further attacks such as reading or modifying device configuration, accessing sensitive information, or leveraging other vulnerabilities (e.g., CVE-2016-5668, CVE-2016-5670) that require prior access [1].
Mitigation
Crestron has addressed this vulnerability in firmware version 1.3039.00040. Users should update to this version or later. No workaround is available for unpatched devices [1].
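The flaw described under Vulnerability and the deny-by-default fix, as a small model added here for illustration; it is not Crestron firmware code and is not taken from the cited advisories. The route names, session token and function names are constructed assumptions.

```python
import posixpath

# Constructed route table; these paths are illustrative, not the device's real URIs.
ROUTES = {
    "/login.html": "login form",
    "/index.html": "dashboard",
    "/settings.html": "device configuration",
    "/api/config": "configuration API",
}
PUBLIC = {"/login.html"}          # the only page that may be served without a session
SESSIONS = {"constructed-token"}  # stand-in for a server-side session store


def flawed_dispatch(path, token=None):
    """Pattern the description outlines: the login check is tied to index.html only."""
    if path not in ROUTES:
        return 404
    if path == "/index.html" and token not in SESSIONS:
        return 401
    return 200  # every other page is served without looking at the session


def hardened_dispatch(path, token=None):
    """Deny by default: every route outside PUBLIC needs a valid session."""
    path = posixpath.normpath("/" + path.lstrip("/"))  # collapse ./ and ../ first
    if path not in ROUTES:
        return 404
    if path not in PUBLIC and token not in SESSIONS:
        return 401
    return 200


def unauthenticated_routes(dispatch):
    """Regression check: list protected routes that answer 200 with no session."""
    return sorted(p for p in ROUTES if p not in PUBLIC and dispatch(p) == 200)


if __name__ == "__main__":
    print("flawed  :", unauthenticated_routes(flawed_dispatch))
    print("hardened:", unauthenticated_routes(hardened_dispatch))
```

Running `unauthenticated_routes` over the full route table in a test suite catches any page that is later added without the session check.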
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <1.3039.00040
Patches
No patches discovered yet.
References
- www.kb.cert.org/vuls/id/974424 (nvd: Third Party Advisory, US Government Resource)
- www.securityfocus.com/bid/92211 (nvd: Third Party Advisory, VDB Entry)