Crestron Airmedia
Approved changes feed: RSS · Atom
cpe:2.3:a:crestron:crestron_airmedia:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Crestron (c3f889c7-b88c-556e-9a5e-f70525099cf1) |
|---|---|
| Product | Crestron Airmedia (91b43f81-1786-5797-af3c-166dfb32edd7) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2019-3939 |
vulnerable | 2026-06-03 14:40:27.906791 |
Details available
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use these credentials to gain privileged access to the device.
Published: 2019-04-30T20:40:18.000Z
Updated: 2024-08-04T19:26:27.803Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-3938 |
vulnerable | 2026-06-03 14:40:27.906452 |
Details available
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. The configuration file is encrypted using the awenc binary. The same binary can be used to decrypt any configuration file since all the encryption logic is hard coded. A local attacker can use this vulnerability to gain access to devices username and passwords.
Published: 2019-04-30T20:39:24.000Z
Updated: 2024-08-04T19:26:27.938Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-3937 |
vulnerable | 2026-06-03 14:40:27.906074 |
Details available
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, slideshow passcode, and other configuration options in cleartext in the file /tmp/scfgdndf. A local attacker can use this vulnerability to recover sensitive data.
Published: 2019-04-30T20:38:24.000Z
Updated: 2024-08-04T19:26:27.781Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-3936 |
vulnerable | 2026-06-03 14:40:27.905722 |
Details available
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 is vulnerable to denial of service via a crafted request to TCP port 389. The request will force the slideshow to transition into a "stopped" state. A remote, unauthenticated attacker can use this vulnerability to stop an active slideshow.
Published: 2019-04-30T20:35:48.000Z
Updated: 2024-08-04T19:26:27.921Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-3935 |
vulnerable | 2026-06-03 14:40:27.905358 |
Details available
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to act as a moderator to a slide show via crafted HTTP POST requests to conference.cgi. A remote, unauthenticated attacker can use this vulnerability to start, stop, and disconnect active slideshows.
Published: 2019-04-30T20:34:51.000Z
Updated: 2024-08-04T19:26:27.786Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-3934 |
vulnerable | 2026-06-03 14:40:27.904991 |
Details available
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code sending a crafted HTTP POST request to login.cgi. A remote, unauthenticated attacker can use this vulnerability to download the current slide image without knowing the access code.
Published: 2019-04-30T20:34:03.000Z
Updated: 2024-08-04T19:26:27.453Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-3933 |
vulnerable | 2026-06-03 14:40:27.904630 |
Details available
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code simply by requesting /images/browserslide.jpg via HTTP. A remote, unauthenticated attacker can use this vulnerability to watch a slideshow without knowing the access code.
Published: 2019-04-30T20:30:50.000Z
Updated: 2024-08-04T19:26:27.523Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-3932 |
vulnerable | 2026-06-03 14:40:27.904167 |
Details available
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. A remote, unauthenticated attacker can use this vulnerability to control external devices via the uart_bridge.
Published: 2019-04-30T20:30:02.000Z
Updated: 2024-08-04T19:26:27.558Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-3931 |
vulnerable | 2026-06-03 14:40:27.903782 |
Details available
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argumention injection to the curl binary via crafted HTTP requests to return.cgi. A remote, authenticated attacker can use this vulnerability to upload files to the device and ultimately execute code as root.
Published: 2019-04-30T20:28:44.000Z
Updated: 2024-08-04T19:26:27.568Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-3928 |
vulnerable | 2026-06-03 14:40:27.887708 |
Details available
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the iso.3.6.1.4.1.3212.100.3.2.7.4 OIDs. A remote, unauthenticated attacker can use this vulnerability to access a restricted presentation or to become the presenter.
Published: 2019-04-30T20:18:34.000Z
Updated: 2024-08-04T19:26:27.641Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-3927 |
vulnerable | 2026-06-03 14:40:27.887343 |
Details available
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. A remote, unauthenticated attacker can use this vulnerability to change the admin or moderator user's password and gain access to restricted areas on the HTTP interface.
Published: 2019-04-30T20:15:32.000Z
Updated: 2024-08-04T19:26:27.355Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-3926 |
vulnerable | 2026-06-03 14:40:27.886932 |
Details available
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.14.1. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
Published: 2019-04-30T20:12:46.000Z
Updated: 2024-08-04T19:26:27.268Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-3925 |
vulnerable | 2026-06-03 14:40:27.884367 |
Details available
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.9.3. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
Published: 2019-04-30T20:09:51.000Z
Updated: 2024-08-04T19:26:26.699Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.