Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Am\-100_firmware
(Crestron)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 15 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-04-30 | CVE-2019-3929 | The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A... | Wepresent_wipg\-1000p_firmware, Wepresent_wipg\-1600w_firmware, Hd_wireless_presentation_system_firmware, Am\-100_firmware, Am\-101_firmware, Sharelink_200_firmware, Sharelink_250_firmware, Liteshow3_firmware, Liteshow4_firmware, Wps\-Pro_firmware, Pn\-L703wa_firmware, Wips710_firmware | 9.8 | ||
| 2019-04-30 | CVE-2019-3928 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the iso.3.6.1.4.1.3212.100.3.2.7.4 OIDs. A remote, unauthenticated attacker can use this vulnerability to access a restricted presentation or to become the presenter. | Am\-100_firmware, Am\-101_firmware | 5.3 | ||
| 2019-04-30 | CVE-2019-3932 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. A remote, unauthenticated attacker can use this vulnerability to control external devices via the uart_bridge. | Am\-100_firmware, Am\-101_firmware | 9.8 | ||
| 2019-04-30 | CVE-2019-3935 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to act as a moderator to a slide show via crafted HTTP POST requests to conference.cgi. A remote, unauthenticated attacker can use this vulnerability to start, stop, and disconnect active slideshows. | Am\-100_firmware, Am\-101_firmware | 9.1 | ||
| 2019-04-30 | CVE-2019-3938 | Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. The configuration file is encrypted using the awenc binary. The same binary can be used to decrypt any configuration file since all the encryption logic is hard coded. A local attacker can use this vulnerability to gain access to devices username and passwords. | Am\-100_firmware, Am\-101_firmware | 7.8 |