On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
crestron dm-nvx-dir-80 firmware 1.0.1.788 |
||
crestron dm-nvx-dir-160 firmware 1.0.1.788 |
||
crestron dm-nvx-dir-ent firmware 1.0.1.788 |