CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-3925

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.9.3. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.305

EPSS Ranking 96.4%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

https://www.tenable.com/security/research/tra-2019-20
https://www.tenable.com/security/research/tra-2019-20

Products affected by CVE-2019-3925

Crestron » Am-100 » Version: N/A

cpe:2.3:h:crestron:am-100:-
Crestron » Am-101 » Version: N/A

cpe:2.3:h:crestron:am-101:-
Crestron » Am-100 Firmware » Version: 1.6.0.2

cpe:2.3:o:crestron:am-100_firmware:1.6.0.2
Crestron » Am-101 Firmware » Version: 2.7.0.2

cpe:2.3:o:crestron:am-101_firmware:2.7.0.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-3925

Products

Pricing

Contact Us