Crestron:  Security Vulnerabilities
There is an OS command injection vulnerability in Crestron AM-300 firmware version 1.4499.00018 which may enable a user of a limited-access SSH session to escalate their privileges to root-level access.
CVSS Score: 8.4 | EPSS Score: 0.002 | Published: 2024-01-23
On Crestron 3-Series Control Systems before 1.8001.0187, crafting and sending a specific BACnet packet can cause a crash.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2023-07-17
Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low-privileged user can initiate a repair of the system and gain a SYSTEM-level shell.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2022-09-23
An insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM-level command prompt.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2022-09-13
A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and perform a privilege escalation attack.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2022-09-13
A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM-level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and changing permissions on that file structure during a repair operation.
CVSS Score: 8.8 | EPSS Score: 0.002 | Published: 2022-09-13
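The three AirMedia entries above (insecure inherited permissions, DLL planting, and a pre-staged file structure fixed up during repair) share one precondition: a low-privileged principal holds write-class rights somewhere in the install tree. The script below is an added example, not Crestron's or Microsoft's code, that parses the output of `icacls <dir> /t` and reports every allow-ACE granting such rights to Users, Authenticated Users, INTERACTIVE or Everyone, noting whether the ACE is inherited (so the fix belongs on the parent directory). The install path and the sample icacls output are constructed for the example.

```python
"""Added example, not Crestron's or Microsoft's code: flag ACEs in 'icacls <dir> /t'
output that give low-privileged users write-class rights on an install tree, the
precondition for the inherited-permission, DLL-planting and pre-staged-directory
findings above. Sample output is constructed; the install path is an assumption."""
import re
from dataclasses import dataclass

# icacls rights tokens (simple and specific forms) that allow creating, replacing,
# deleting or re-ACLing objects; any one of them lets a user plant a file or DLL.
WRITE_CLASS = {"F", "M", "W", "WD", "AD", "D", "DC", "WDAC", "WO", "GA", "GW"}

# Principals that every interactive or authenticated user belongs to.
LOW_PRIV_PRINCIPALS = {
    "everyone",
    "builtin\\users",
    "nt authority\\authenticated users",
    "nt authority\\interactive",
}

# One ACE per line: an optional leading path (first line of each object), then
# PRINCIPAL:(flag)(flag)(rights). Continuation lines are indented under the path.
_ACE_RE = re.compile(
    r"^(?P<path>\S.*?)?\s*"
    r"(?P<principal>(?:NT AUTHORITY|NT SERVICE|BUILTIN|APPLICATION PACKAGE AUTHORITY"
    r"|[^\s\\:]+)\\[^:\\]+|Everyone|CREATOR OWNER|S-1-[\d-]+)"
    r":(?P<aces>(?:\([^()]*\))+)\s*$"
)


@dataclass
class Finding:
    path: str
    principal: str
    rights: tuple
    inherited: bool


def parse_icacls(output: str) -> list:
    """Return (path, principal, flags, rights) for every ACE line. Indented
    continuation lines inherit the path of the most recent non-indented line."""
    entries = []
    current_path = None
    for line in output.splitlines():
        m = _ACE_RE.match(line)
        if not m:
            continue                      # blank lines and the summary trailer
        if m.group("path"):
            current_path = m.group("path")
        if current_path is None:
            continue
        groups = re.findall(r"\(([^()]*)\)", m.group("aces"))
        rights = [t.strip() for t in groups[-1].split(",")]   # last group = rights
        flags = groups[:-1]                                    # I, OI, CI, IO, DENY
        entries.append((current_path, m.group("principal"), flags, rights))
    return entries


def weak_aces(output: str) -> list:
    """Findings for allow-ACEs that grant a low-privileged principal any
    write-class right. 'inherited' tells you whether the fix belongs on the parent."""
    findings = []
    for path, principal, flags, rights in parse_icacls(output):
        if "DENY" in flags or principal.lower() not in LOW_PRIV_PRINCIPALS:
            continue
        granted = tuple(sorted(set(rights) & WRITE_CLASS))
        if granted:
            findings.append(Finding(path, principal, granted, "I" in flags))
    return findings


# Constructed sample in icacls' layout (not captured from a real host): the install
# directory gives BUILTIN\Users Modify, and the bin subdirectory inherits it.
SAMPLE_ICACLS = r"""C:\Program Files\Crestron\AirMedia BUILTIN\Users:(OI)(CI)(M)
                                   NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
                                   BUILTIN\Administrators:(I)(OI)(CI)(F)
C:\Program Files\Crestron\AirMedia\bin BUILTIN\Users:(I)(OI)(CI)(M)
                                       NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
C:\Program Files\Crestron\AirMedia\bin\service.exe BUILTIN\Users:(I)(RX)
                                                   NT AUTHORITY\SYSTEM:(I)(F)

Successfully processed 3 files; Failed processing 0 files
"""

if __name__ == "__main__":
    for f in weak_aces(SAMPLE_ICACLS):
        origin = "inherited" if f.inherited else "explicit"
        print(f"{f.path}: {f.principal} has {','.join(f.rights)} ({origin})")
```

Feed it real output with `icacls "C:\Program Files\<vendor>" /t > acl.txt` and pass the file contents to `weak_aces`. A finding marked explicit on the top-level directory is the one to fix (remove the ACE or reset inheritance with `icacls <dir> /inheritance:r /grant:r ...`); inherited findings below it disappear once the parent is corrected.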
An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields.
CVSS Score: 9.8 | EPSS Score: 0.936 | Published: 2022-01-15
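The entry above is concrete enough to check for: an unauthenticated GET of aj.html returns JSON carrying uname and upassword. The following added example, not Crestron's code, classifies a response body so that a scan can separate a leaking device from a patched one that answers with a login page or a non-200 status. The field names uname and upassword come from the entry; the surrounding JSON, the generic secret-key pattern, the sample bodies and the http://host/aj.html request URL are assumptions made for the example.

```python
"""Added example, not Crestron's code: check an unauthenticated response from the
HD-MD4X2-4K-E web interface for the credential leak described above (aj.html returning
JSON with 'uname' and 'upassword'). The field names come from the entry; the rest of
the JSON, the sample bodies and the /aj.html request URL are assumptions."""
import json
import re
from typing import Any
from urllib.request import Request, urlopen

# Keys named by the advisory, plus a generic pattern for renamed secrets (assumption).
CREDENTIAL_KEYS = {"uname", "upassword"}
_SECRET_KEY_RE = re.compile(r"pass(word|wd)?|pwd|secret|token", re.IGNORECASE)


def find_credential_fields(doc: Any, prefix: str = "") -> dict:
    """Walk a parsed JSON document and map each credential-looking key to its value,
    using a dotted path so nested and list-wrapped fields are still reported."""
    found: dict = {}
    if isinstance(doc, dict):
        for key, value in doc.items():
            path = f"{prefix}.{key}" if prefix else key
            if key in CREDENTIAL_KEYS or _SECRET_KEY_RE.search(key):
                found[path] = value
            found.update(find_credential_fields(value, path))
    elif isinstance(doc, list):
        for i, item in enumerate(doc):
            found.update(find_credential_fields(item, f"{prefix}[{i}]"))
    return found


def assess_response(status: int, body: str) -> dict:
    """Classify one response. A patched device answering with a login page, a
    redirect or a non-JSON body is reported as not disclosed instead of raising."""
    result = {"status": status, "disclosed": False, "fields": {}}
    if status != 200:
        return result
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        return result
    fields = find_credential_fields(doc)
    has_user = any(p.rsplit(".", 1)[-1] == "uname" for p in fields)
    # A username with an empty secret is noise, not a usable credential.
    has_secret = any(p.rsplit(".", 1)[-1] != "uname" and v not in ("", None)
                     for p, v in fields.items())
    result["fields"] = fields
    result["disclosed"] = has_user and has_secret
    return result


def probe(host: str, timeout: float = 5.0) -> dict:
    """Live check: request aj.html with no credentials. Only run against devices you
    are authorised to test; the path is taken from the advisory wording."""
    req = Request(f"http://{host}/aj.html", headers={"User-Agent": "aj-check/1.0"})
    with urlopen(req, timeout=timeout) as resp:
        return assess_response(resp.status, resp.read().decode("utf-8", "replace"))


# Constructed sample bodies (not captured from a device).
VULNERABLE_BODY = '{"uname":"admin","upassword":"admin","model":"HD-MD4X2-4K-E"}'
PATCHED_BODY = "<html><body>Please log in</body></html>"

if __name__ == "__main__":
    for name, body in (("vulnerable", VULNERABLE_BODY), ("patched", PATCHED_BODY)):
        print(name, assess_response(200, body))
```

`assess_response` is the part worth keeping in a scanner: it never raises on odd bodies, and it only reports a disclosure when a username is paired with a non-empty secret, which keeps a firmware that returns `"upassword": ""` after the fix from showing up as a hit.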
On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2021-07-30
Crestron DMC-STRO 1.0 devices allow remote command execution as root via shell metacharacters to the ping function.
CVSS Score: 9.8 | EPSS Score: 0.214 | Published: 2019-11-27
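The DMC-STRO entry above and the AM-300 entry at the top of the list are both instances of one bug class: user input reaches a shell as part of a command string, so metacharacters such as `;` turn a ping helper into arbitrary command execution as the service's user (root on these devices). The code below is an added example and not Crestron's firmware, which is not on this page; it shows a hypothetical ping wrapper in the vulnerable shape, then the hardened shape that allow-lists the target as an IP literal or RFC 1123 hostname and passes it as a separate argv element with no shell. The `ping -c 1` command line is an assumption.

```python
"""Added example, not Crestron's code: the OS command injection pattern behind the
AM-300 and DMC-STRO entries, as a hypothetical 'ping' helper in its vulnerable form
and a hardened form. The device code is not on the page; these functions are
illustrative and 'ping -c 1' is assumed as the command being wrapped."""
import ipaddress
import re
import shlex
import subprocess

# RFC 1123 hostname: dot-separated labels of letters, digits and interior hyphens.
# Nothing a shell cares about (; | & $ ` quotes, whitespace, newlines) can match it.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(?:\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def build_ping_vulnerable(target: str) -> str:
    """Vulnerable form: the user-controlled value is spliced into a command string
    that is later handed to a shell. '127.0.0.1; id' runs ping and then id."""
    return "ping -c 1 " + target


def validate_target(target: str) -> str:
    """Allow-list the value instead of trying to escape it: accept an IP literal
    or a hostname, reject everything else."""
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass
    if _HOSTNAME_RE.match(target):
        return target
    raise ValueError(f"refusing ping target {target!r}")


def build_ping_hardened(target: str) -> list:
    """Hardened form: the validated value becomes one argv element and no shell is
    involved, so metacharacters would reach ping literally even if validation slipped."""
    return ["ping", "-c", "1", validate_target(target)]


def build_ping_quoted(target: str) -> str:
    """Fallback when a shell string is unavoidable: shlex.quote makes the whole value
    a single shell word. Weaker than the allow-list; use it in addition, not instead."""
    return "ping -c 1 " + shlex.quote(target)


def run_ping(target: str, timeout: float = 10.0) -> subprocess.CompletedProcess:
    """Execute the hardened form (shell=False). Raises ValueError before anything
    runs if the target fails validation."""
    return subprocess.run(build_ping_hardened(target), capture_output=True,
                          text=True, timeout=timeout)


if __name__ == "__main__":
    payload = "127.0.0.1; id"
    print("vulnerable:", build_ping_vulnerable(payload))
    print("quoted:    ", build_ping_quoted(payload))
    try:
        build_ping_hardened(payload)
    except ValueError as exc:
        print("hardened:  ", exc)
    print("hardened:  ", build_ping_hardened("127.0.0.1"))
```

The order of defences matters: validation first, because a rejected value never reaches any command; argv-style execution second, because it removes the shell that would interpret metacharacters; quoting last, as a belt-and-braces measure for code paths that genuinely must build a shell string. A restricted SSH session like the AM-300's is the same problem with a different entry point, and the same argv-and-allow-list fix applies.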
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow anyone to bypass the presentation code by sending a crafted HTTP POST request to login.cgi. A remote, unauthenticated attacker can use this vulnerability to download the current slide image without knowing the access code.
CVSS Score: 5.3 | EPSS Score: 0.003 | Published: 2019-04-30


Shodan ® - All rights reserved