Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
crestron vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-38405
On Crestron 3-Series Control Systems prior to 1.8001.0187, crafting and sending a specific BACnet packet can cause a crash.
Crestron Cp3n 6505417 Firmware
Crestron Cp3 6504877 Firmware
Crestron Cp3-gv 6506034 Firmware
10
CVSSv2
CVE-2018-5553
The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower are vulnerable to command injection that can be used to gain root-level access.
Crestron Dge-100 Firmware
Crestron Dm-dge-200-c Firmware
Crestron Ts-1542-c Firmware
4
CVSSv2
CVE-2018-13341
Crestron TSW-X60 all versions before 2.001.0037.001 and MC3 all versions before 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow t...
Crestron Tsw-x60 Firmware
Crestron Mc3 Firmware
2 Github repositories
10
CVSSv2
CVE-2018-10630
For Crestron TSW-X60 version before 2.001.0037.001 and MC3 version before 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left o...
Crestron Tsw-x60 Firmware
Crestron Mc3 Firmware
3.5
CVSSv2
CVE-2017-16710
Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 devices with firmware prior to 1.6.0 and AM-101 devices with firmware prior to 2.7.0 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Crestron Airmedia Am-100 Firmware
Crestron Airmedia Am-101 Firmware
6.5
CVSSv2
CVE-2017-16709
Crestron Airmedia AM-100 devices with firmware prior to 1.6.0 and AM-101 devices with firmware prior to 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors.
Crestron Airmedia Am-100 Firmware
Crestron Airmedia Am-101 Firmware
1 EDB exploit
10
CVSSv2
CVE-2019-3925
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.9.3. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
Crestron Am-100 Firmware 1.6.0.2
Crestron Am-101 Firmware 2.7.0.2
10
CVSSv2
CVE-2019-3926
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.14.1. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
Crestron Am-100 Firmware 1.6.0.2
Crestron Am-101 Firmware 2.7.0.2
5
CVSSv2
CVE-2019-3927
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. A remote, unauthenticated attacker can use this vulnerability to chan...
Crestron Am-100 Firmware 1.6.0.2
Crestron Am-101 Firmware 2.7.0.2
5
CVSSv2
CVE-2019-3928
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the iso.3.6.1.4.1.3212.100.3.2.7.4 OIDs. A remote, unauthenticated attacker can use this vulnerability to access a restricted presentation or to become th...
Crestron Am-100 Firmware 1.6.0.2
Crestron Am-101 Firmware 2.7.0.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »