GCVE - cpe:2.3:h:crestron:dm-txrx-100-str:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:crestron:dm-txrx-100-str:-:*:*:*:*:*:*:*

part: h version: - update: *

Vendor	Crestron (`c3f889c7-b88c-556e-9a5e-f70525099cf1`)
Product	Dm Txrx 100 Str (`adad761a-c5be-5b1e-990b-f481e9fbfb2c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-5671`	not_vulnerable	2026-06-03 14:35:55.538974	Details available Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of arbitrary users. Published: 2016-08-03T01:00:00.000Z Updated: 2024-08-06T01:07:59.956Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/92211 http://www.kb.cert.org/vuls/id/974424	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-5670`	not_vulnerable	2026-06-03 14:35:55.536256	Details available Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface. Published: 2016-08-03T01:00:00.000Z Updated: 2024-08-06T01:08:00.546Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/92211 http://www.kb.cert.org/vuls/id/974424	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-5669`	not_vulnerable	2026-06-03 14:35:55.535934	Details available Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging the certificate's trust relationship. Published: 2016-08-03T01:00:00.000Z Updated: 2024-08-06T01:08:00.252Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/92211 http://www.kb.cert.org/vuls/id/974424	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-5668`	not_vulnerable	2026-06-03 14:35:55.535615	Details available Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call. Published: 2016-08-03T01:00:00.000Z Updated: 2024-08-06T01:08:00.685Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/92211 http://www.kb.cert.org/vuls/id/974424	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-5667`	not_vulnerable	2026-06-03 14:35:55.535271	Details available Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html. Published: 2016-08-03T01:00:00.000Z Updated: 2024-08-06T01:08:00.240Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/92211 http://www.kb.cert.org/vuls/id/974424	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-5666`	not_vulnerable	2026-06-03 14:35:55.534833	Details available Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objresp.authenabled to 1. Published: 2016-08-03T01:00:00.000Z Updated: 2024-08-06T01:07:59.908Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/92211 http://www.kb.cert.org/vuls/id/974424	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.