Description
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 1.6.0.2 (excluding)
Simultaneously
cpe:2.3:o:crestron:airmedia_am-100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:crestron:airmedia_am-100:-:*:*:*:*:*:*:*
EPSS: 0.05464 (Low), percentile: 90%
CVSS3: 9.1 Critical
CVSS2: 8.5 High
Weaknesses
NVD-CWE-noinfo
Related vulnerabilities
CVSS3: 9.1
github
more than 3 years ago
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.