VYPR
High severity8.8NVD Advisory· Published Apr 30, 2019· Updated Jun 17, 2026

CVE-2019-3931

CVE-2019-3931

Description

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argumention injection to the curl binary via crafted HTTP requests to return.cgi. A remote, authenticated attacker can use this vulnerability to upload files to the device and ultimately execute code as root.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Crestron/AM-100llm-fuzzy
    Range: 1.6.0.2
  • Crestron/Crestron AirMediav5
    Range: AM-100 firmware 1.6.0.2 and AM-101 firmware 2.7.0.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.