Crestron DM-TXRX-100-STR Firmware vulnerabilities
6 known vulnerabilities affecting crestron/dm-txrx-100-str_firmware.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 1
Vulnerabilities
CVE-2016-5668 | P2 | CRITICAL | CVSS 9.8 | v1.2866.00026 | 2016-08-03
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call.
nvd
CVE-2016-5667 | P2 | CRITICAL | CVSS 9.8 | v1.2866.00026 | 2016-08-03
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html.
nvd
CVE-2016-5666 | P2 | CRITICAL | CVSS 9.8 | v1.2866.00026 | 2016-08-03
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objresp.authenabled to 1.
nvd
CVE-2016-5670 | P3 | CRITICAL | CVSS 9.8 | CWE-255 | v1.2866.00026 | 2016-08-03
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface.
nvd
CVE-2016-5669 | P3 | CRITICAL | CVSS 9.8 | v1.2866.00026 | 2016-08-03
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging the certificate's trust relationship.
nvd
CVE-2016-5671 | P3 | HIGH | CVSS 8.8 | CWE-352 | ≤ 1.2866.00026 | 2016-08-03
Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of arbitrary users.
nvd