Crestron Airmedia Am-100 Firmware vulnerabilities
5 known vulnerabilities affecting crestron/airmedia_am-100_firmware.
Total CVEs
5
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2017-16709P2HIGHCVSS 7.2PoCfixed in 1.6.02018-07-11
CVE-2017-16709 [HIGH] CVE-2017-16709: Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before
Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors.
nvd
CVE-2016-5639P2HIGHCVSS 7.5PoC≤ 1.4.0.122016-08-03
CVE-2016-5639 [HIGH] CWE-22 CVE-2016-5639: Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firm
Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter.
nvd
CVE-2016-5640P2CRITICALCVSS 9.8≤ 1.2.12016-08-03
CVE-2016-5640 [CRITICAL] CWE-77 CVE-2016-5640: Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with fir
Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the ATE_COMMAND parameter.
nvd
CVE-2019-3910P2CRITICALCVSS 9.1fixed in 1.6.0.22019-01-18
CVE-2019-3910 [CRITICAL] CVE-2019-3910: Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interfa
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.
nvd
CVE-2017-16710P4MEDIUMCVSS 4.8fixed in 1.6.02018-07-11
CVE-2017-16710 [MEDIUM] CWE-79 CVE-2017-16710: Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 devices with firmware before 1.
Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd