Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
crestron vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-11228
Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices prior to 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP).
Crestron Crestron Toolbox Protocol Firmware
2 Github repositories
9.8
CVSSv3
CVE-2018-11229
Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices prior to 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP).
Crestron Crestron Toolbox Protocol Firmware
9.1
CVSSv3
CVE-2019-3910
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.
Crestron Airmedia Am-100 Firmware
7.5
CVSSv3
CVE-2016-5639
Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware prior to 1.4.0.13 allows remote malicious users to read arbitrary files via a .. (dot dot) in the src parameter.
Crestron Airmedia Am-100 Firmware
1 EDB exploit
1 Github repository
9.8
CVSSv3
CVE-2016-5640
Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware prior to 1.4.0.13 allows remote malicious users to execute arbitrary commands via a .. (dot dot) in the ATE_COMMAND parameter.
Crestron Airmedia Am-100 Firmware
3 Github repositories
8.8
CVSSv3
CVE-2022-34100
A vulnerability exists in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that fi...
Crestron Airmedia 4.3.1.39
7.8
CVSSv3
CVE-2022-34101
A vulnerability exists in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and preform a privilege escalation attack.
Crestron Airmedia 4.3.1.39
8.8
CVSSv3
CVE-2022-34102
Insufficient access control vulnerability exists in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt.
Crestron Airmedia 4.3.1.39
8.8
CVSSv3
CVE-2022-40298
Crestron AirMedia for Windows prior to 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can initiate a repair of the system and gain a SYSTEM level s...
Crestron Airmedia 4.3.1.39
9.8
CVSSv3
CVE-2019-18184
Crestron DMC-STRO 1.0 devices allow remote command execution as root via shell metacharacters to the ping function.
Crestron Dmc-stro Firmware 1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »