CVE-2016-5639

Опубликовано: 03 авг. 2016

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Средний

Описание

Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter.

Ссылки

http://www.kb.cert.org/vuls/id/603047
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/92216
Third Party Advisory
VDB Entry
https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2016-05-001.md
Third Party Advisory
https://www.exploit-db.com/exploits/40813/
http://www.kb.cert.org/vuls/id/603047
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/92216
Third Party Advisory
VDB Entry
https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2016-05-001.md
Third Party Advisory
https://www.exploit-db.com/exploits/40813/

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:crestron:airmedia_am-100_firmware:*:*:*:*:*:*:*:*

Версия до 1.4.0.12 (включая)

cpe:2.3:h:crestron:airmedia_am-100:-:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.47818

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-rjpv-4h53-cfjp