CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-16710
https://notcve.org/view.php?id=CVE-2017-16710
Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en dispositivos Crestron Airmedia AM-100 con firmware en versiones anteriores a la 1.6.0 y dispositivos AM-101 con firmware en versiones anteriores a la 2.7.0 permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. • https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE-2017-16710 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 71%CPEs: 4EXPL: 2CVE-2017-16709 – AwindInc SNMP Service - Command Injection
https://notcve.org/view.php?id=CVE-2017-16709
Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors. Los dispositivos Crestron Airmedia AM-100 con firmware en versiones anteriores a la 1.6.0 y dispositivos AM-101 con firmware en versiones anteriores a la 2.7.0 permite que administradores autenticados remotos ejecuten código arbitrario mediante vectores sin especificar. • https://www.exploit-db.com/exploits/47353 http://packetstormsecurity.com/files/154362/AwindInc-SNMP-Service-Command-Injection.html https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE-2017-16709 https://www.tenable.com/security/research/tra-2019-20 https://github.com/QKaiser/awind-research https://qkaiser.github.io/pentesting/2019/03/27/awind-device-vrd https://raw.githubusercontent.com/rapid7/metasploit&# •