This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Crestron First view 2016-08-02
Product Dm-Txrx-100-Str Firmware Last view 2016-08-02
Version 1.2866.00026 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:crestron:dm-txrx-100-str_firmware

Activity : Overall

Related : CVE

  Date Alert Description
8.8 2016-08-02 CVE-2016-5671

Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of arbitrary users.

9.8 2016-08-02 CVE-2016-5670

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface.

9.8 2016-08-02 CVE-2016-5669

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging the certificate's trust relationship.

9.8 2016-08-02 CVE-2016-5668

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call.

9.8 2016-08-02 CVE-2016-5667

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html.

9.8 2016-08-02 CVE-2016-5666

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objresp.authenabled to 1.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-352 Cross-Site Request Forgery (CSRF)
50% (1) CWE-255 Credentials Management