Vulnerability Details CVE-2017-16709
Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.711
EPSS Ranking 98.6%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
- http://packetstormsecurity.com/files/154362/AwindInc-SNMP-Service-Command-Injection.html
- https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE-2017-16709
- https://www.tenable.com/security/research/tra-2019-20
- http://packetstormsecurity.com/files/154362/AwindInc-SNMP-Service-Command-Injection.html
- https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE-2017-16709
- https://www.tenable.com/security/research/tra-2019-20
Products affected by CVE-2017-16709
-
cpe:2.3:h:crestron:airmedia_am-100:-
-
cpe:2.3:h:crestron:airmedia_am-101:-
-
cpe:2.3:o:crestron:airmedia_am-100_firmware:-
-
cpe:2.3:o:crestron:airmedia_am-100_firmware:1.2.1
-
cpe:2.3:o:crestron:airmedia_am-100_firmware:1.4.0.12
-
cpe:2.3:o:crestron:airmedia_am-101_firmware:-