VYPR
High severity7.8NVD Advisory· Published Apr 30, 2019· Updated Jun 17, 2026

CVE-2019-3938

CVE-2019-3938

Description

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. The configuration file is encrypted using the awenc binary. The same binary can be used to decrypt any configuration file since all the encryption logic is hard coded. A local attacker can use this vulnerability to gain access to devices username and passwords.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Crestron/AM-100llm-fuzzy
    Range: 1.6.0.2
  • Crestron/Crestron AirMediav5
    Range: AM-100 firmware 1.6.0.2 and AM-101 firmware 2.7.0.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.