
CVSS: 7.2 • EPSS: 67% • CPEs: 4 • EXPL: 1

Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allow remote authenticated administrators to execute arbitrary code via unspecified vectors. • https://www.exploit-db.com/exploits/47353 http://packetstormsecurity.com/files/154362/AwindInc-SNMP-Service-Command-Injection.html https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE-2017-16709 https://www.tenable.com/security/research/tra-2019-20 https://github.com/QKaiser/awind-research https://qkaiser.github.io/pentesting/2019/03/27/awind-device-vrd •

CVSS: 4.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE-2017-16710 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 2

Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter. Crestron AM-100 versions 1.1.1.11 through 1.2.1 suffer from hard-coded credential and path traversal vulnerabilities. • https://www.exploit-db.com/exploits/40813 https://github.com/xfox64x/CVE-2016-5639 http://www.kb.cert.org/vuls/id/603047 http://www.securityfocus.com/bid/92216 https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2016-05-001.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the ATE_COMMAND parameter. • https://github.com/xfox64x/CVE-2016-5640 http://www.kb.cert.org/vuls/id/603047 http://www.securityfocus.com/bid/92216 https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2016-05-002.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •