Crestron Am-101_firmware
15 CVEs affecting Crestron Am-101_firmware. Latest disclosed: 2019-04-30. Critical: 8, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2019-3939 | Critical | 9.8 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An un… |
CVE-2019-3932 | Critical | 9.8 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. A re… |
CVE-2019-3930 | Critical | 9.8 | 2019-04-30 | The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmwar… |
CVE-2019-3929 | Critical | 9.8 | 2019-04-30 | The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmwar… |
CVE-2019-3927 | Critical | 9.8 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.1… |
CVE-2019-3926 | Critical | 9.8 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.14.1. A remo… |
CVE-2019-3925 | Critical | 9.8 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.9.3. A remot… |
CVE-2019-3935 | Critical | 9.1 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to act as a moderator to a slide show via crafted HTTP POST requests to co… |
CVE-2019-3931 | High | 8.8 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argumention injection to the curl binary via crafted HTTP requests to… |
CVE-2019-3938 | High | 7.8 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via t… |
CVE-2019-3937 | High | 7.8 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, slideshow passcode, and other configuration options in clea… |
CVE-2019-3936 | High | 7.5 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 is vulnerable to denial of service via a crafted request to TCP port 389. The request wi… |
CVE-2019-3934 | Medium | 5.3 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code sending a crafted HTTP POST request to log… |
CVE-2019-3933 | Medium | 5.3 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code simply by requesting /images/browserslide… |
CVE-2019-3928 | Medium | 5.3 | 2019-04-30 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the iso.3.6.1.4.1.3212.100.3.2.7… |