CVE-2020-16839 - OpenCVE

On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Crestron	Dm-nvx-dir-80 Dm-nvx-dir-ent Firmware Dm-nvx-dir-ent Dm-nvx-dir-160 Dm-nvx-dir-80 Firmware Dm-nvx-dir-160 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:crestron:dm-nvx-dir-80_firmware:1.0.1.788:*:*:*:*:*:*:*

cpe:2.3:h:crestron:dm-nvx-dir-80:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:crestron:dm-nvx-dir-160_firmware:1.0.1.788:*:*:*:*:*:*:*

cpe:2.3:h:crestron:dm-nvx-dir-160:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:crestron:dm-nvx-dir-ent_firmware:1.0.1.788:*:*:*:*:*:*:*

cpe:2.3:h:crestron:dm-nvx-dir-ent:-:*:*:*:*:*:*:*

References

Link	Resource
https://support.crestron.com	Vendor Advisory
https://www.crestron.com/Security/Security-at-Crestron	Vendor Advisory
https://www.crestron.com/Software-Firmware/Firmware/DigitalMedia/DM-XIO/1-0-3-802	Permissions Required
https://www.security.crestron.com	Broken Link

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-07-27T14:20:25

Updated: 2021-07-27T14:20:25

Reserved: 2020-08-04T00:00:00

Link: CVE-2020-16839

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-07-30T14:15:13.263

Modified: 2022-07-12T17:42:04.277

Link: CVE-2020-16839

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-27T14:20:25", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.crestron.com"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.crestron.com/Software-Firmware/Firmware/DigitalMedia/DM-XIO/1-0-3-802"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.security.crestron.com"}], "source": {"discovery": "INTERNAL"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-16839", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://support.crestron.com", "refsource": "MISC", "url": "https://support.crestron.com"}, {"name": "https://www.crestron.com/Software-Firmware/Firmware/DigitalMedia/DM-XIO/1-0-3-802", "refsource": "CONFIRM", "url": "https://www.crestron.com/Software-Firmware/Firmware/DigitalMedia/DM-XIO/1-0-3-802"}, {"name": "https://www.security.crestron.com", "refsource": "CONFIRM", "url": "https://www.security.crestron.com"}]}, "source": {"discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-16839", "datePublished": "2021-07-27T14:20:25", "dateReserved": "2020-08-04T00:00:00", "dateUpdated": "2021-07-27T14:20:25", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:crestron:dm-nvx-dir-80_firmware:1.0.1.788:*:*:*:*:*:*:*", "matchCriteriaId": "15C1E995-7ED6-41B5-8CBB-6997CBE39606", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:crestron:dm-nvx-dir-80:-:*:*:*:*:*:*:*", "matchCriteriaId": "1EE8C233-ED65-4C48-B47B-2A3F527D6B36", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:crestron:dm-nvx-dir-160_firmware:1.0.1.788:*:*:*:*:*:*:*", "matchCriteriaId": "1ECBD70E-3468-4E20-9426-9AC3BC9B69FA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:crestron:dm-nvx-dir-160:-:*:*:*:*:*:*:*", "matchCriteriaId": "E91B3A82-FC1A-4FBB-9989-5603D0314BC6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:crestron:dm-nvx-dir-ent_firmware:1.0.1.788:*:*:*:*:*:*:*", "matchCriteriaId": "8B3016A1-3D7B-4C8A-8F99-E3B5BF3269B1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:crestron:dm-nvx-dir-ent:-:*:*:*:*:*:*:*", "matchCriteriaId": "B546575C-524E-48F8-AD0B-E0A35DC0A5DC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request."}, {"lang": "es", "value": "En los dispositivos Crestron DM-NVX-DIR, DM-NVX-DIR80 y DM-NVX-ENT anteriores al parche DM-XIO/1-0-3-802, la contrase\u00f1a puede ser cambiada mediante el env\u00edo de una petici\u00f3n WebSocket no autenticada"}], "id": "CVE-2020-16839", "lastModified": "2022-07-12T17:42:04.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-30T14:15:13.263", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.crestron.com"}, {"source": "nvd@nist.gov", "tags": ["Vendor Advisory"], "url": "https://www.crestron.com/Security/Security-at-Crestron"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "https://www.crestron.com/Software-Firmware/Firmware/DigitalMedia/DM-XIO/1-0-3-802"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://www.security.crestron.com"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}