{"containers": {"cna": {"affected": [{"product": "Crestron AM-100 Before 1.6.0.2", "vendor": "n/a", "versions": [{"status": "affected", "version": "Crestron AM-100 Before 1.6.0.2"}]}], "datePublic": "2019-01-18T00:00:00", "descriptions": [{"lang": "en", "value": "Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device."}], "problemTypes": [{"descriptions": [{"description": "Authentication Bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-01-18T18:57:01", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/research/tra-2019-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2019-3910", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Crestron AM-100 Before 1.6.0.2", "version": {"version_data": [{"version_value": "Crestron AM-100 Before 1.6.0.2"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Authentication Bypass"}]}]}, "references": {"reference_data": [{"name": "https://www.tenable.com/security/research/tra-2019-02", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2019-02"}]}}}}, "cveMetadata": {"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2019-3910", "datePublished": "2019-01-18T18:00:00", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2019-01-18T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:crestron:airmedia_am-100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "594D9A9A-A64D-40E3-B9BF-5D1765623CB2", "versionEndExcluding": "1.6.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:crestron:airmedia_am-100:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA211175-30DE-466A-BEE9-8BD9EF2A25DE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device."}, {"lang": "es", "value": "Crestron AM-100, en versiones de firmware anteriores a la 1.6.0.2, contiene una omisi\u00f3n de autenticaci\u00f3n en el script \"return.cgi\" de la interfaz web. Usuarios remotos no autenticados pueden hacer uso de la omisi\u00f3n para acceder a algunas funcionalidades del administrador, como pueden ser la configuraci\u00f3n de la actualizaci\u00f3n de fuentes y el reinicio del dispositivo."}], "id": "CVE-2019-3910", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-18T18:29:00.417", "references": [{"source": "vulnreport@tenable.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2019-02"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}