Vulnerability Details CVE-2019-3937
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, slideshow passcode, and other configuration options in cleartext in the file /tmp/scfgdndf. A local attacker can use this vulnerability to recover sensitive data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 4.7%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 2.1
References
Products affected by CVE-2019-3937
-
cpe:2.3:h:crestron:am-100:-
-
cpe:2.3:h:crestron:am-101:-
-
cpe:2.3:o:crestron:am-100_firmware:1.6.0.2
-
cpe:2.3:o:crestron:am-101_firmware:2.7.0.2