CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5670
https://notcve.org/view.php?id=CVE-2016-5670
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface. Dispositivos Crestron Electronics DM-TXRX-100-STR con firmware en versiones anteriores a 1.3039.00040 tienen una contraseña codificada de admin para la cuenta de admin, lo que facilita para atacantes remotos obtener acceso a través de la interfaz de administración web. • http://www.kb.cert.org/vuls/id/974424 http://www.securityfocus.com/bid/92211 • CWE-255: Credentials Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5667
https://notcve.org/view.php?id=CVE-2016-5667
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html. Dispositivos Crestron Electronics DM-TXRX-100-STR con firmware en versiones anteriores a 1.3039.00040 permite a atacantes remotos eludir autenticación a través de una petición directa a una página distinta a index.html. • http://www.kb.cert.org/vuls/id/974424 http://www.securityfocus.com/bid/92211 •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2016-5640
https://notcve.org/view.php?id=CVE-2016-5640
Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the ATE_COMMAND parameter. Vulnerabilidad de salto de directorio en cgi-bin/rftest.cgi en dispositivos Crestron AirMedia AM-100 con firmware en versiones anteriores a 1.4.0.13 permite a atacantes remotos ejecutar comandos arbitrarios a través de un .. (dot dot) en el parámetro ATE_COMMAND. • https://github.com/xfox64x/CVE-2016-5640 http://www.kb.cert.org/vuls/id/603047 http://www.securityfocus.com/bid/92216 https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2016-05-002.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5668
https://notcve.org/view.php?id=CVE-2016-5668
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call. Dispositivos Crestron Electronics DM-TXRX-100-STR con firmware en versiones anteriores a 1.3039.00040 permite a atacantes remotos eludir autenticación y cambiar los ajustes a través de una llamada API JSON. • http://www.kb.cert.org/vuls/id/974424 http://www.securityfocus.com/bid/92211 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-5666
https://notcve.org/view.php?id=CVE-2016-5666
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objresp.authenabled to 1. Dispositivos Crestron Electronics DM-TXRX-100-STR con firmware en versiones anteriores a 1.3039.00040 confía en el cliente para realizar la autenticación, lo que permite a atacantes remotos obtener acceso estableciendo el valor de objresp.authenabled a 1. • http://www.kb.cert.org/vuls/id/974424 http://www.securityfocus.com/bid/92211 •