High severity7.5NVD Advisory· Published Jul 30, 2021· Updated Jun 17, 2026
CVE-2020-16839
CVE-2020-16839
Description
On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request.
Affected products
3- Crestron/DM-NVX-DIRdescription
- Range: <1-0-3-802
- Range: <1-0-3-802
Patches
Vulnerability mechanics
References
4- support.crestron.comnvdVendor Advisory
- www.crestron.com/Security/Security-at-CrestronnvdVendor Advisory
- www.crestron.com/Software-Firmware/Firmware/DigitalMedia/DM-XIO/1-0-3-802nvdPermissions Required
- www.security.crestron.comnvdBroken Link
News mentions
0No linked articles in our index yet.