
CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

16 Feb 2024 — An issue in idocv v.14.1.3_20231228 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script. • https://zhuabapa.top/2024/01/18/idocv_20231228_rce/#more • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 8.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

23 Jan 2024 — There is an OS command injection vulnerability in Crestron AM-300 firmware version 1.4499.00018 which may enable a user of a limited-access SSH session to escalate their privileges to root-level access. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-02 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

17 Jul 2023 — On Crestron 3-Series Control Systems before 1.8001.0187, crafting and sending a specific BACnet packet can cause a crash. • https://www.crestron.com/release_notes/cp3n_1.8001.0187_release_notes.pdf • CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Sep 2022 — Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can initiate a repair of the system and gain a SYSTEM level shell. • https://www.crestron.com/Security/Security_Advisories • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Sep 2022 — A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and perform a privilege escalation attack. • https://www.crestron.com/Security/Security_Advisories • CWE-427: Uncontrolled Search Path Element

CVSS: 9.0 • EPSS: 1% • CPEs: 1 • EXPL: 0

13 Sep 2022 — Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt. • https://www.crestron.com/Security/Security_Advisories

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Sep 2022 — A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file structure during a repair operation. • https://www.crestron.com/Security/Security_Advisories

CVSS: 10.0 • EPSS: 92% • CPEs: 2 • EXPL: 3

12 Jan 2022 — An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields. • https://packetstorm.news/files/id/165530 • CWE-287: Improper Authentication

CVSS: 7.5 • EPSS: 0% • CPEs: 6 • EXPL: 0

27 Jul 2021 — On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request. • https://support.crestron.com • CWE-287: Improper Authentication

CVSS: 10.0 • EPSS: 21% • CPEs: 2 • EXPL: 1

27 Nov 2019 — Crestron DMC-STRO 1.0 devices allow remote command execution as root via shell metacharacters to the ping function. • https://www.crestron.com/en-US/Products/Video/DigitalMedia-Modular-Matrix/Output-Cards-Blades/DMC-STRO • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')