GCVE - cpe:2.3:o:crestron:airmedia_am-100_firmware:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:crestron:airmedia_am-100_firmware:*:*:*:*:*:*:*:*

part: o version: * update: *

Vendor	Crestron (`c3f889c7-b88c-556e-9a5e-f70525099cf1`)
Product	Airmedia Am 100 Firmware (`32e75dc7-af32-5702-b15a-c8ba38779627`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-3910`	vulnerable	2026-06-03 14:40:27.859949	Details available Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device. Published: 2019-01-18T18:00:00.000Z Updated: 2024-08-04T19:26:26.668Z Open on db.gcve.eu Reference links https://www.tenable.com/security/research/tra-2019-02	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-16710`	vulnerable	2026-06-03 14:36:48.316835	Details available Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: 2018-07-11T16:00:00.000Z Updated: 2024-08-05T20:35:19.914Z Open on db.gcve.eu Reference links https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE-2017-16710	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-16709`	vulnerable	2026-06-03 14:36:48.313139	Details available Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors. Published: 2018-07-11T16:00:00.000Z Updated: 2024-08-05T20:35:19.902Z Open on db.gcve.eu Reference links https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE-2017-16709 https://www.tenable.com/security/research/tra-2019-20 http://packetstormsecurity.com/files/154362/AwindInc-SNMP-Service-Command-Injection.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-5640`	vulnerable	2026-06-03 14:35:55.505127	Details available Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the ATE_COMMAND parameter. Published: 2016-08-03T01:00:00.000Z Updated: 2024-08-06T01:07:58.744Z Open on db.gcve.eu Reference links https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2016-05-002.md http://www.securityfocus.com/bid/92216 http://www.kb.cert.org/vuls/id/603047	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-5639`	vulnerable	2026-06-03 14:35:55.503565	Details available Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter. Published: 2016-08-03T01:00:00.000Z Updated: 2024-08-06T01:08:00.413Z Open on db.gcve.eu Reference links https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2016-05-001.md https://www.exploit-db.com/exploits/40813/ http://www.securityfocus.com/bid/92216 http://www.kb.cert.org/vuls/id/603047	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.