Vulmon
crestron vulnerabilities and exploits
NA
CVE-2023-6926
There is an OS command injection vulnerability in Crestron AM-300 firmware version 1.4499.00018 which may enable a user of a limited-access SSH session to escalate their privileges to root-level access.
Crestron Am-300 Firmware 1.4499.00018
NA
CVE-2023-38405
On Crestron 3-Series Control Systems prior to 1.8001.0187, crafting and sending a specific BACnet packet can cause a crash.
Crestron Cp3n 6505417 Firmware
Crestron Cp3 6504877 Firmware
Crestron Cp3-gv 6506034 Firmware
NA
CVE-2022-40298
Crestron AirMedia for Windows prior to 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can initiate a repair of the system and gain a SYSTEM level s...
Crestron Airmedia 4.3.1.39
NA
CVE-2022-34101
A vulnerability exists in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and perform a privilege escalation attack.
Crestron Airmedia 4.3.1.39
NA
CVE-2022-34102
Insufficient access control vulnerability exists in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt.
Crestron Airmedia 4.3.1.39
NA
CVE-2022-34100
A vulnerability exists in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that fi...
Crestron Airmedia 4.3.1.39
890
VMScore
CVE-2022-23178
An issue exists on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document wi...
Crestron Hd-md4x2-4k-e Firmware 1.0.0.2159
1 Github repository
445
VMScore
CVE-2020-16839
On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request.
Crestron Dm-nvx-dir-80 Firmware 1.0.1.788
Crestron Dm-nvx-dir-160 Firmware 1.0.1.788
Crestron Dm-nvx-dir-ent Firmware 1.0.1.788
890
VMScore
CVE-2019-18184
Crestron DMC-STRO 1.0 devices allow remote command execution as root via shell metacharacters to the ping function.
Crestron Dmc-stro Firmware 1.0
801
VMScore
CVE-2019-3931
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argument injection to the curl binary via crafted HTTP requests to return.cgi. A remote, authenticated attacker can use this vulnerability to upload files to the device and ultimately exec...
Crestron Am-100 Firmware 1.6.0.2
Crestron Am-101 Firmware 2.7.0.2