Published: 03/08/2016 Updated: 03/09/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware prior to 1.4.0.13 allows remote malicious users to read arbitrary files via a .. (dot dot) in the src parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
crestron airmedia_am-100_firmware

================================================================= # Crestron AM-100 (Multiple Vulnerabilities) ================================================================= # Date: 2016-08-01 # Exploit Author: Zach Lanier # Vendor Homepage: wwwcrestroncom/products/model/am-100 # Version: v11111 - v121 # CVE: CVE-2016-5639 # Refe ...

Crestron AM-100 versions 11111 through 121 suffer from hard-coded credential and path traversal vulnerabilities ...

Crestron AirMedia AM-100 Traversal and Hashdump Metasploit Modules

CVE-2016-5639 Crestron AirMedia AM-100 Traversal and Hashdump Metasploit Modules Two similar modules that take advantage of CVE-2016-5639 to dump hashes and retrieve files through path traversal I made these modules separate because I wanted experience writing something that could "dump" hashes, correctly format them for cracking, and add them to the loot Any sugges

CWE-22 http://www.kb.cert.org/vuls/id/603047 https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2016-05-001.md http://www.securityfocus.com/bid/92216 https://www.exploit-db.com/exploits/40813/https://nvd.nist.gov https://github.com/xfox64x/CVE-2016-5639 https://www.exploit-db.com/exploits/40813/https://www.kb.cert.org/vuls/id/603047

CVE-2016-5639

Vulnerability Summary

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect