Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.
References
Link | Resource |
---|---|
https://www.tenable.com/security/research/tra-2019-02 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: tenable
Published: 2019-01-18T18:00:00
Updated: 2019-01-18T18:57:01
Reserved: 2019-01-03T00:00:00
Link: CVE-2019-3910
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-01-18T18:29:00.417
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-3910
JSON object: View
Redhat Information
No data.
CWE