Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
crestron vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-38405
On Crestron 3-Series Control Systems prior to 1.8001.0187, crafting and sending a specific BACnet packet can cause a crash.
Crestron Cp3n 6505417 Firmware
Crestron Cp3 6504877 Firmware
Crestron Cp3-gv 6506034 Firmware
9.8
CVSSv3
CVE-2018-5553
The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower are vulnerable to command injection that can be used to gain root-level access.
Crestron Dge-100 Firmware
Crestron Dm-dge-200-c Firmware
Crestron Ts-1542-c Firmware
9.8
CVSSv3
CVE-2018-10630
For Crestron TSW-X60 version before 2.001.0037.001 and MC3 version before 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left o...
Crestron Tsw-x60 Firmware
Crestron Mc3 Firmware
8.8
CVSSv3
CVE-2018-13341
Crestron TSW-X60 all versions before 2.001.0037.001 and MC3 all versions before 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow t...
Crestron Tsw-x60 Firmware
Crestron Mc3 Firmware
2 Github repositories
7.2
CVSSv3
CVE-2017-16709
Crestron Airmedia AM-100 devices with firmware prior to 1.6.0 and AM-101 devices with firmware prior to 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors.
Crestron Airmedia Am-100 Firmware
Crestron Airmedia Am-101 Firmware
1 EDB exploit
4.8
CVSSv3
CVE-2017-16710
Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 devices with firmware prior to 1.6.0 and AM-101 devices with firmware prior to 2.7.0 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Crestron Airmedia Am-100 Firmware
Crestron Airmedia Am-101 Firmware
9.8
CVSSv3
CVE-2019-3925
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.9.3. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
Crestron Am-100 Firmware 1.6.0.2
Crestron Am-101 Firmware 2.7.0.2
9.8
CVSSv3
CVE-2019-3927
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. A remote, unauthenticated attacker can use this vulnerability to chan...
Crestron Am-100 Firmware 1.6.0.2
Crestron Am-101 Firmware 2.7.0.2
8.8
CVSSv3
CVE-2019-3931
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argumention injection to the curl binary via crafted HTTP requests to return.cgi. A remote, authenticated attacker can use this vulnerability to upload files to the device and ultimately exec...
Crestron Am-100 Firmware 1.6.0.2
Crestron Am-101 Firmware 2.7.0.2
5.3
CVSSv3
CVE-2019-3933
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code simply by requesting /images/browserslide.jpg via HTTP. A remote, unauthenticated attacker can use this vulnerability to watch a slideshow without knowing the acce...
Crestron Am-100 Firmware 1.6.0.2
Crestron Am-101 Firmware 2.7.0.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »