CVE-2019-3910
Summary
| CVE | CVE-2019-3910 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-01-18 18:29:00 UTC |
| Updated | 2020-08-24 17:37:00 UTC |
| Description | Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Crestron | Airmedia Am-100 | - | All | All | All |
| Hardware | Crestron | Airmedia Am-100 | - | All | All | All |
| Operating System | Crestron | Airmedia Am-100 Firmware | All | All | All | All |
| Operating System | Crestron | Airmedia Am-100 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [R1] Crestron AM-100 Authentication Bypass - Research Advisory | Tenable® | MISC | www.tenable.com | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.