Crestron Am-100 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Crestron Am-100 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2019-3939 — CVSS 9.8 (critical): Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the…
CVE-2019-3926 — CVSS 9.8 (critical): Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID…
CVE-2019-3927 — CVSS 9.8 (critical): Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 anyone can change the administrator and moderator passwords via the…
CVE-2019-3932 — CVSS 9.8 (critical): Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password…
CVE-2019-3925 — CVSS 9.8 (critical): Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID…
CVE-2019-3935 — CVSS 9.1 (critical): Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to act as a moderator to a slide show via crafted HTTP…
CVE-2019-3931 — CVSS 8.8 (high): Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argumention injection to the curl binary via…
CVE-2019-3938 — CVSS 7.8 (high): Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the…
CVE-2019-3937 — CVSS 7.8 (high): Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, slideshow passcode, and other…
CVE-2019-3936 — CVSS 7.5 (high): Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 is vulnerable to denial of service via a crafted request to TCP port…
CVE-2019-3928 — CVSS 5.3 (medium): Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the…
CVE-2019-3933 — CVSS 5.3 (medium): Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code simply by requesting…
CVE-2019-3934 — CVSS 5.3 (medium): Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code sending a crafted HTTP…