VYPR

AM-100

by Crestron

CVEs (16)

  • CVE-2019-3929KEVApr 30, 2019
    Crestron
    AM-100
    risk 0.23cvss epss 0.94

    The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware…

  • CVE-2019-3932Apr 30, 2019
    Crestron
    AM-100
    risk 0.01cvss epss 0.08

    Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. A remote, unauthenticated attacker can use this vulnerability to control external devices via the uart_bridge.

  • CVE-2019-3930Apr 30, 2019
    Crestron
    AM-100
    risk 0.01cvss epss 0.09

    The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware…

  • CVE-2019-3926Apr 30, 2019
    Crestron
    AM-100
    risk 0.01cvss epss 0.16

    Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.14.1. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

  • CVE-2019-3925Apr 30, 2019
    Crestron
    AM-100
    risk 0.01cvss epss 0.16

    Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.9.3. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

  • CVE-2019-3939Apr 30, 2019
    Crestron
    AM-100
    risk 0.00cvss epss 0.04

    Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use these credentials to gain privileged access to the device.

  • CVE-2019-3938Apr 30, 2019
    Crestron
    AM-100
    risk 0.00cvss epss 0.00

    Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. The configuration file is encrypted using the awenc binary. The same binary can be…

  • CVE-2019-3937Apr 30, 2019
    Crestron
    AM-100
    risk 0.00cvss epss 0.00

    Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, slideshow passcode, and other configuration options in cleartext in the file /tmp/scfgdndf. A local attacker can use this vulnerability to recover sensitive data.

  • CVE-2019-3936Apr 30, 2019
    Crestron
    AM-100
    risk 0.00cvss epss 0.02

    Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 is vulnerable to denial of service via a crafted request to TCP port 389. The request will force the slideshow to transition into a "stopped" state. A remote, unauthenticated attacker can use this…

  • CVE-2019-3935Apr 30, 2019
    Crestron
    AM-100
    risk 0.00cvss epss 0.01

    Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to act as a moderator to a slide show via crafted HTTP POST requests to conference.cgi. A remote, unauthenticated attacker can use this vulnerability to start, stop, and disconnect active…

  • CVE-2019-3934Apr 30, 2019
    Crestron
    AM-100
    risk 0.00cvss epss 0.00

    Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code sending a crafted HTTP POST request to login.cgi. A remote, unauthenticated attacker can use this vulnerability to download the current slide image without…

  • CVE-2019-3933Apr 30, 2019
    Crestron
    AM-100
    risk 0.00cvss epss 0.00

    Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code simply by requesting /images/browserslide.jpg via HTTP. A remote, unauthenticated attacker can use this vulnerability to watch a slideshow without knowing the…

  • CVE-2019-3931Apr 30, 2019
    Crestron
    AM-100
    risk 0.00cvss epss 0.02

    Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argumention injection to the curl binary via crafted HTTP requests to return.cgi. A remote, authenticated attacker can use this vulnerability to upload files to the device and ultimately…

  • CVE-2019-3928Apr 30, 2019
    Crestron
    AM-100
    risk 0.00cvss epss 0.01

    Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the iso.3.6.1.4.1.3212.100.3.2.7.4 OIDs. A remote, unauthenticated attacker can use this vulnerability to access a restricted presentation or to become…

  • CVE-2019-3927Apr 30, 2019
    Crestron
    AM-100
    risk 0.00cvss epss 0.02

    Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. A remote, unauthenticated attacker can use this vulnerability to…

  • CVE-2019-3910Jan 18, 2019
    Crestron
    AM-100
    risk 0.00cvss epss 0.05

    Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.