AirMedia AM-100
by Crestron
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-5640 | Cri | 0.68 | 9.8 | 0.52 | Aug 3, 2016 | Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the ATE_COMMAND parameter. | ||
| CVE-2016-5639 | Hig | 0.56 | 7.5 | 0.48 | Aug 3, 2016 | Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter. | ||
| CVE-2017-16709 | 0.10 | — | 0.82 | Jul 11, 2018 | Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors. | |||
| CVE-2022-40298 | 0.00 | — | 0.00 | Sep 22, 2022 | Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can initiate a repair of the system and gain a SYSTEM level… | |||
| CVE-2017-16710 | 0.00 | — | 0.00 | Jul 11, 2018 | Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
- risk 0.68cvss 9.8epss 0.52
Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the ATE_COMMAND parameter.
- risk 0.56cvss 7.5epss 0.48
Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter.
- CVE-2017-16709Jul 11, 2018risk 0.10cvss —epss 0.82
Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors.
- CVE-2022-40298Sep 22, 2022risk 0.00cvss —epss 0.00
Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can initiate a repair of the system and gain a SYSTEM level…
- CVE-2017-16710Jul 11, 2018risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.