CVE-2019-3927
Description
On Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2, anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. A remote, unauthenticated attacker can use this vulnerability to change the admin or moderator user's password and gain access to restricted areas on the HTTP interface.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Remote unauthenticated attacker can change admin and moderator passwords on Crestron AM-100/101 via SNMP OIDs, gaining web interface access.
Vulnerability
The Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow anyone to change the administrator and moderator passwords via the SNMP OIDs iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2. This vulnerability is identified as CVE-2019-3927 [1].
Exploitation
An unauthenticated remote attacker with SNMP write access (default community strings are typically public and private) can set the password for the administrator or moderator user by sending an SNMP set request to the aforementioned OIDs. No authentication is required to perform this action [1].
Impact
Successfully changing the administrator or moderator password grants the attacker full access to the web interface's restricted areas, potentially allowing further compromise of the device [1].
Mitigation
As of the publication date, no official fix has been released. Restricting SNMP access to trusted hosts and changing SNMP community strings from defaults can reduce the risk. The device may also be replaced if no firmware update becomes available [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Crestron/Crestron AirMedia (v5), range: AM-100 firmware 1.6.0.2 and AM-101 firmware 2.7.0.2
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"The SNMP writable OIDs iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 allow unauthenticated remote modification of the administrator and moderator passwords without any access control."
Attack vector
A remote, unauthenticated attacker sends SNMP set requests to the device for the OIDs iso.3.6.1.4.1.3212.100.3.2.8.1 (admin password) and iso.3.6.1.4.1.3212.100.3.2.8.2 (moderator password) [1]. No authentication is required to perform these SNMP writes. After changing the password, the attacker can log into the web interface with the newly set credentials and access restricted administrative areas [1].
Affected code
The vulnerability exists in the Crestron AM-100 firmware 1.6.0.2 and AM-101 firmware 2.7.0.2 [1]. The affected SNMP OIDs are iso.3.6.1.4.1.3212.100.3.2.8.1 (administrator password) and iso.3.6.1.4.1.3212.100.3.2.8.2 (moderator password) [1]. No specific source file or function is identified in the advisory.
What the fix does
The advisory does not include a patch or remediation details [1]. The vendor was notified by Tenable but no fix is described in the published research. To mitigate this vulnerability, administrators should restrict SNMP access to trusted management hosts only, or disable SNMP if it is not required.
Preconditions
- network: The attacker must have network access to the SNMP service on the target device (UDP port 161).
- auth: No authentication or prior knowledge of credentials is required.
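Detection logic for the writes described under Attack vector, added here as an example and not taken from the advisory or from Crestron: it parses an SNMPv1/v2c UDP payload and reports SetRequest variable bindings that fall under the two password OIDs. The function names and the sample datagram (community "example", NULL value) are constructed for illustration.

```python
# Added example: flag SNMPv1/v2c SetRequest PDUs that write the AirMedia password OIDs.
WATCHED = (1, 3, 6, 1, 4, 1, 3212, 100, 3, 2, 8)  # common prefix of the two OIDs in the CVE
SET_REQUEST = 0xA3                                 # BER tag of SetRequest-PDU

def tlv(buf, pos):
    """Read one BER TLV at pos; return (tag, value bytes, offset after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                              # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Decode the body of a BER OBJECT IDENTIFIER into a tuple of arcs."""
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return tuple(arcs)

def password_writes(datagram):
    """Return the watched OIDs a SetRequest in this UDP payload writes, else []."""
    try:
        tag, msg, _ = tlv(datagram, 0)             # outer SEQUENCE
        if tag != 0x30:
            return []
        _, _, p = tlv(msg, 0)                      # version
        _, _, p = tlv(msg, p)                      # community string
        tag, pdu, _ = tlv(msg, p)
        if tag != SET_REQUEST:
            return []
        p = 0
        for _ in range(3):                         # request-id, error-status, error-index
            _, _, p = tlv(pdu, p)
        _, binds, _ = tlv(pdu, p)                  # variable-bindings list
        hits, p = [], 0
        while p < len(binds):
            _, varbind, p = tlv(binds, p)
            tag, raw, _ = tlv(varbind, 0)
            oid = decode_oid(raw) if tag == 0x06 else ()
            if oid[:len(WATCHED)] == WATCHED:
                hits.append(".".join(map(str, oid)))
        return hits
    except (IndexError, ValueError):
        return []                                  # not parseable as SNMPv1/v2c

# Constructed sample: SetRequest, community "example", NULL value, first watched OID.
SAMPLE_SET = bytes.fromhex("302b0201010407" "6578616d706c65" "a31d020101020100020100"
                           "30123010060c2b06010401990c6403020801" "0500")
```

Pass it the UDP payload of packets captured on port 161; SNMPv3 messages are not parsed and yield an empty list.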
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1. www.tenable.com/security/research/tra-2019-20 (mitre, x_refsource_MISC)