Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
crestron vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-11228
Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices prior to 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP).
Crestron Crestron Toolbox Protocol Firmware
2 Github repositories
9.8
CVSSv3
CVE-2018-11229
Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices prior to 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP).
Crestron Crestron Toolbox Protocol Firmware
8.8
CVSSv3
CVE-2022-34100
A vulnerability exists in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that fi...
Crestron Airmedia 4.3.1.39
7.8
CVSSv3
CVE-2022-34101
A vulnerability exists in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and preform a privilege escalation attack.
Crestron Airmedia 4.3.1.39
8.8
CVSSv3
CVE-2022-34102
Insufficient access control vulnerability exists in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt.
Crestron Airmedia 4.3.1.39
8.8
CVSSv3
CVE-2022-40298
Crestron AirMedia for Windows prior to 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can initiate a repair of the system and gain a SYSTEM level s...
Crestron Airmedia 4.3.1.39
9.1
CVSSv3
CVE-2019-3910
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.
Crestron Airmedia Am-100 Firmware
7.5
CVSSv3
CVE-2016-5639
Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware prior to 1.4.0.13 allows remote malicious users to read arbitrary files via a .. (dot dot) in the src parameter.
Crestron Airmedia Am-100 Firmware
1 EDB exploit
1 Github repository
9.8
CVSSv3
CVE-2016-5640
Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware prior to 1.4.0.13 allows remote malicious users to execute arbitrary commands via a .. (dot dot) in the ATE_COMMAND parameter.
Crestron Airmedia Am-100 Firmware
3 Github repositories
7.8
CVSSv3
CVE-2023-6926
There is an OS command injection vulnerability in Crestron AM-300 firmware version 1.4499.00018 which may enable a user of a limited-access SSH session to escalate their privileges to root-level access.
Crestron Am-300 Firmware 1.4499.00018
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »