This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Crestron First view 2016-08-02
Product Airmedia Am-100 Firmware Last view 2019-01-18
Version * Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:crestron:airmedia_am-100_firmware

Activity : Overall

Related : CVE

  Date Alert Description
9.1 2019-01-18 CVE-2019-3910

Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.

4.8 2018-07-11 CVE-2017-16710

Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

7.2 2018-07-11 CVE-2017-16709

Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors.

9.8 2016-08-02 CVE-2016-5640

Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the ATE_COMMAND parameter.

7.5 2016-08-02 CVE-2016-5639

Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter.

CWE : Common Weakness Enumeration

%idName
33% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
33% (1) CWE-77 Improper Sanitization of Special Elements used in a Command ('Comma...
33% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...