VYPR
Unrated severity · NVD Advisory · Published Apr 30, 2019 · Updated Aug 4, 2024

CVE-2019-3936

Description

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to denial of service via a crafted request to TCP port 389. The request will force the slideshow to transition into a "stopped" state. A remote, unauthenticated attacker can use this vulnerability to stop an active slideshow.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Crestron AM-100/AM-101 slideshow can be remotely stopped by an unauthenticated attacker via a crafted TCP request to port 389.

Vulnerability

A denial-of-service vulnerability exists in the Crestron AM-100 (firmware 1.6.0.2) and AM-101 (firmware 2.7.0.2). By sending a crafted request to TCP port 389, the device's slideshow transitions into a "stopped" state. No authentication or prior access is required to trigger the vulnerable code path [1].

Exploitation

A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted network request to TCP port 389 of the affected Crestron device. No credentials, user interaction, or special network position beyond reachability is needed. The request forces the slideshow to stop immediately [1].

Impact

Successful exploitation halts an active slideshow, denying service to legitimate users who rely on the presentation functionality. This is a denial-of-service (DoS) impact with no effect on confidentiality or integrity of other device functions [1].

Mitigation

Crestron has not released a firmware update for the AM-100 or AM-101 to address this vulnerability at the time of publication. Tenable’s advisory recommends restricting network access to port 389 and other management ports as a workaround. The devices may also be at end of life; operators should consider upgrading to supported models [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Crestron/AM-100 (llm-fuzzy)
    Range: = 1.6.0.2
  • Crestron/Crestron AirMedia (v5)
    Range: AM-100 firmware 1.6.0.2 and AM-101 firmware 2.7.0.2

Patches

0

No patches discovered yet.

References

1
