VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 30, 2019· Updated Aug 4, 2024

CVE-2019-3939

CVE-2019-3939

Description

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use these credentials to gain privileged access to the device.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Crestron AM-100/AM-101 use default credentials (admin/admin, moderator/moderator), allowing unauthenticated remote attackers privileged web interface access.

Vulnerability

Crestron AM-100 firmware 1.6.0.2 and AM-101 firmware 2.7.0.2 ship with default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated attacker can use these credentials to log in with privileged access. [1]

Exploitation

An attacker with network access to the device can simply navigate to the web interface and log in using the known default credentials. No authentication or prior interaction is required. [1]

Impact

Successful exploitation grants the attacker privileged access to the device's web interface, enabling full control over the device's configuration and functions, potentially leading to further compromise. [1]

Mitigation

Crestron has released firmware updates to address this issue; users should update to the latest firmware. As a workaround, change default credentials immediately upon deployment. [1]

References
  1. OEM Presentation Platform Vulnerabilities

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Crestron/AM-100llm-fuzzy
    Range: =1.6.0.2
  • Crestron/Crestron AirMediav5
    Range: AM-100 firmware 1.6.0.2 and AM-101 firmware 2.7.0.2

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1

News mentions

0

No linked articles in our index yet.