High severity7.8NVD Advisory· Published Apr 30, 2019· Updated Jun 17, 2026
CVE-2019-3938
CVE-2019-3938
Description
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. The configuration file is encrypted using the awenc binary. The same binary can be used to decrypt any configuration file since all the encryption logic is hard coded. A local attacker can use this vulnerability to gain access to devices username and passwords.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Crestron/Crestron AirMediav5Range: AM-100 firmware 1.6.0.2 and AM-101 firmware 2.7.0.2
Patches
Vulnerability mechanics
References
1- www.tenable.com/security/research/tra-2019-20nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.