Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. A remote, unauthenticated attacker can use this vulnerability to control external devices via the uart_bridge.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
crestron am-100_firmware 1.6.0.2 |
||
crestron am-101_firmware 2.7.0.2 |