CVE-2022-23178
published 2022-01-15


Priority: P1 · 88 · critical · 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 75.71% (99.5th percentile)
An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields.

Affected

1 range
Vendor: crestron
Product: hd-md4x2-4k-e_firmware
Version range: (not specified)
Fixed in: (none)

Detection & IOCs (extracted from sources)

path: /aj.html?a=devi
path: /aj.html
sigma: HTTP GET /aj.html?a=devi returning JSON body containing '"uname":' and '"upassword":'
  • Unauthenticated GET request to /aj.html?a=devi on Crestron HD-MD4X2-4K-E devices returns a JSON body containing plaintext credentials in 'uname' and 'upassword' fields; monitor for this response pattern on the network.
  • Detect exploitation attempts by alerting on HTTP 200 responses to /aj.html that contain both '"uname":' and '"upassword":' in the response body.
  • The vulnerability requires no authentication (PR:N, UI:N); any unauthenticated client visiting the device web interface will automatically trigger the credential-leaking request to aj.html.
  • Post-disclosure access allows firmware upload/install; monitor for subsequent firmware upload requests following successful credential retrieval from aj.html.
  • No fix is available; the vendor confirmed the vulnerability will not be corrected. Mitigation is limited to network-level access restriction (e.g., firewall).
  • The vendor recommended migrating to the HD-MD-4KZ as an alternative device, as the HD-MD4X2-4K-E does not support Crestron's security practices.
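The two detection bullets above (alert on a 200 response to /aj.html carrying both credential keys, then watch the same client for follow-up activity) can be implemented as a small scanner over exported HTTP transactions. The code below is an added example, not part of this record or of any vendor or VulnCheck tooling; the pipe-delimited log format, the sample records and the JSON bodies are constructed for illustration, and treating any later request from a client that received the leaked credentials as "post-disclosure activity" is an assumption made here to approximate the firmware-upload monitoring the page recommends.

```python
"""Detection logic for the CVE-2022-23178 credential-disclosure response.

Added example (not from the page, the vendor, or VulnCheck). Scans HTTP
transaction records for the pattern in the Sigma hint: a GET to /aj.html
answered with HTTP 200 and a JSON body containing both "uname" and
"upassword". The record format below is constructed for this example.
"""
import json
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Constructed record format: client_ip|method|request_target|status|body
SAMPLE_LOG = """\
10.0.0.5|GET|/aj.html?a=devi|200|{"uname":"admin","upassword":"s3cret"}
10.0.0.5|GET|/index.html|200|<html>...</html>
10.0.0.9|GET|/aj.html?a=devi|401|{"error":"unauthorized"}
10.0.0.7|GET|/aj.html|200|{"uname":"admin","upassword":"s3cret"}
10.0.0.8|GET|/aj.html?a=devi|200|{"status":"ok"}
"""

# Both markers must be present, exactly as the page's Sigma hint states.
CRED_FIELDS = ('"uname":', '"upassword":')


@dataclass
class Transaction:
    client_ip: str
    method: str
    target: str
    status: int
    body: str

    @property
    def path(self) -> str:
        # Drop the query string so /aj.html?a=devi and /aj.html both match.
        return urlsplit(self.target).path


def parse_log(text: str) -> List[Transaction]:
    """Parse the constructed pipe-delimited format into Transaction records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ip, method, target, status, body = line.split("|", 4)
        records.append(Transaction(ip, method, target, int(status), body))
    return records


def is_credential_disclosure(tx: Transaction) -> bool:
    """True when a response matches the disclosure pattern from the page:
    GET /aj.html (any query), HTTP 200, body containing both credential keys."""
    if tx.method != "GET" or tx.path != "/aj.html" or tx.status != 200:
        return False
    return all(field in tx.body for field in CRED_FIELDS)


def leaked_username(tx: Transaction) -> Optional[str]:
    """Extract the 'uname' value so the alert can name the exposed account.
    The password is deliberately never copied into the alert."""
    try:
        return json.loads(tx.body).get("uname")
    except json.JSONDecodeError:
        return None


def scan(text: str) -> List[Dict]:
    """Return one alert per disclosure response, plus a follow-up alert for any
    later request from a client that already received the credentials
    (assumption: that is where the page's firmware-upload monitoring applies)."""
    alerts = []
    clients_with_creds = set()
    for tx in parse_log(text):
        if is_credential_disclosure(tx):
            clients_with_creds.add(tx.client_ip)
            alerts.append({"client_ip": tx.client_ip,
                           "kind": "credential_disclosure",
                           "target": tx.target,
                           "uname": leaked_username(tx)})
        elif tx.client_ip in clients_with_creds:
            alerts.append({"client_ip": tx.client_ip,
                           "kind": "post_disclosure_request",
                           "target": tx.target,
                           "uname": None})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The 401 response and the 200 response without credential keys in the sample are intentionally left unflagged: the first shows the device refusing the request, the second a JSON body that does not carry the leak, so neither matches the pattern the page describes.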

CVSS provenance

NVD v3.1: 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
NVD v2.0: 10.0 CRITICAL (AV:N/AC:L/Au:N/C:C/I:C/A:C)
VulnCheck: 9.8 CRITICAL