Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
crestron vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2016-5670
Crestron Electronics DM-TXRX-100-STR devices with firmware prior to 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote malicious users to obtain access via the web management interface.
Crestron Dm-txrx-100-str Firmware 1.2866.00026
801
VMScore
CVE-2019-3931
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argumention injection to the curl binary via crafted HTTP requests to return.cgi. A remote, authenticated attacker can use this vulnerability to upload files to the device and ultimately exec...
Crestron Am-100 Firmware 1.6.0.2
Crestron Am-101 Firmware 2.7.0.2
756
VMScore
CVE-2019-3910
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.
Crestron Airmedia Am-100 Firmware
668
VMScore
CVE-2019-3932
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. A remote, unauthenticated attacker can use this vulnerability to control external devices via the uart_bridge.
Crestron Am-100 Firmware 1.6.0.2
Crestron Am-101 Firmware 2.7.0.2
668
VMScore
CVE-2019-3939
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use these credentials to gain privileged access to the device.
Crestron Am-100 Firmware 1.6.0.2
Crestron Am-101 Firmware 2.7.0.2
668
VMScore
CVE-2018-11229
Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices prior to 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP).
Crestron Crestron Toolbox Protocol Firmware
668
VMScore
CVE-2016-5667
Crestron Electronics DM-TXRX-100-STR devices with firmware prior to 1.3039.00040 allow remote malicious users to bypass authentication via a direct request to a page other than index.html.
Crestron Dm-txrx-100-str Firmware 1.2866.00026
668
VMScore
CVE-2016-5668
Crestron Electronics DM-TXRX-100-STR devices with firmware prior to 1.3039.00040 allow remote malicious users to bypass authentication and change settings via a JSON API call.
Crestron Dm-txrx-100-str Firmware 1.2866.00026
655
VMScore
CVE-2017-16709
Crestron Airmedia AM-100 devices with firmware prior to 1.6.0 and AM-101 devices with firmware prior to 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors.
Crestron Airmedia Am-100 Firmware
Crestron Airmedia Am-101 Firmware
1 EDB exploit
605
VMScore
CVE-2016-5671
Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware up to and including 1.3039.00040 allow remote malicious users to hijack the authentication of arbitrary users.
Crestron Dm-txrx-100-str Firmware
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »