CVE-2019-3910
Description
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Crestron AM-100 firmware before 1.6.0.2 has an authentication bypass in return.cgi allowing unauthenticated remote attackers to execute arbitrary commands as root.
Vulnerability
The Crestron AM-100 web interface's return.cgi script contains an authentication bypass. The script checks for a noNeedSeid XML node containing the text SetFlag to bypass the normal authentication token. This allows unauthenticated remote attackers to access administrative functionality. Affected firmware versions are prior to 1.6.0.2 [1].
Exploitation
An unauthenticated remote attacker can send a crafted POST request to /cgi-bin/return.cgi with a Content-Type: application/x-www-form-urlencoded header and a payload that includes SetFlag and a command injection in the `` field. The example from the advisory uses a command to start a telnet daemon on port 1270, which the attacker then connects to for a root shell [1].
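A defender-side check for this bypass pattern, added here as an illustration and not part of the advisory: it flags POSTs to return.cgi whose body carries a noNeedSeid node with the text SetFlag, and compares a device's firmware against the fixed release. The exact XML layout of the request body and the sample requests are constructed assumptions, since the page only names the node and its text.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import unquote_plus

FIXED_VERSION = "1.6.0.2"  # first firmware release that addresses CVE-2019-3910

# Tolerant match for <noNeedSeid>SetFlag</noNeedSeid>; surrounding XML is assumed.
BYPASS_MARKER = re.compile(
    r"<\s*noNeedSeid\s*>\s*SetFlag\s*<\s*/\s*noNeedSeid\s*>", re.IGNORECASE)


@dataclass
class HttpRequest:
    method: str
    path: str
    body: str
    headers: dict = field(default_factory=dict)


def parse_version(v: str) -> tuple:
    """'1.6.0.2' -> (1, 6, 0, 2); tuple comparison orders dotted versions correctly."""
    return tuple(int(p) for p in v.strip().split("."))


def is_vulnerable_version(firmware: str) -> bool:
    """True when the firmware predates the fixed release."""
    return parse_version(firmware) < parse_version(FIXED_VERSION)


def matches_bypass(req: HttpRequest) -> bool:
    """Flag a POST to /cgi-bin/return.cgi carrying the SetFlag bypass marker."""
    if req.method.upper() != "POST":
        return False
    if not req.path.lower().endswith("/cgi-bin/return.cgi"):
        return False
    body = req.body
    ctype = req.headers.get("Content-Type", "").lower()
    # The advisory's request is form-encoded, so angle brackets may arrive percent-encoded.
    if "application/x-www-form-urlencoded" in ctype:
        body = unquote_plus(body)
    return BYPASS_MARKER.search(body) is not None


# Constructed sample traffic (not captured from a real device).
SUSPICIOUS = HttpRequest(
    "POST", "/cgi-bin/return.cgi",
    "data=%3CnoNeedSeid%3ESetFlag%3C%2FnoNeedSeid%3E",
    {"Content-Type": "application/x-www-form-urlencoded"})
BENIGN = HttpRequest(
    "POST", "/cgi-bin/return.cgi",
    "data=%3Cseid%3Eabc123%3C%2Fseid%3E",
    {"Content-Type": "application/x-www-form-urlencoded"})
```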
Impact
Successful exploitation grants the attacker a root shell on the device, allowing full control over the Crestron AM-100. The attacker can also perform administrative actions such as modifying update sources and rebooting the device [1].
Mitigation
Crestron released firmware version 1.6.0.2 to address this vulnerability. Users should upgrade to this version or later. No workarounds are documented [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
[1] www.tenable.com/security/research/tra-2019-02 (MITRE refsource: MISC)
News mentions (0)
No linked articles in our index yet.