Vulnerability Details CVE-2019-3910
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.055
EPSS Ranking 89.7%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 8.5
References
Products affected by CVE-2019-3910
-
cpe:2.3:h:crestron:airmedia_am-100:-
-
cpe:2.3:o:crestron:airmedia_am-100_firmware:-
-
cpe:2.3:o:crestron:airmedia_am-100_firmware:1.2.1
-
cpe:2.3:o:crestron:airmedia_am-100_firmware:1.4.0.12
-
cpe:2.3:o:crestron:airmedia_am-100_firmware:1.6.0