6 results (0.027 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging the certificate's trust relationship. Dispositivos Crestron Electronics DM-TXRX-100-STR con firmware en versiones anteriores a 1.3039.00040 usa un certificado codificado 0xb9eed4d955a59eb3 X.509 de un OpenSSL Test Certification Authority, lo que facilita a atacantes remotos llevar a cabo ataques man-in-the-middle contra sesiones HTTPS mediante el aprovechamiento de la relación de confianza del certificado. • http://www.kb.cert.org/vuls/id/974424 http://www.securityfocus.com/bid/92211 •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of arbitrary users. Múltiples vulnerabilidades de CSRF en dispositivos Crestron Electronics DM-TXRX-100-STR con firmware hasta la versión 1.3039.00040 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. • http://www.kb.cert.org/vuls/id/974424 http://www.securityfocus.com/bid/92211 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface. Dispositivos Crestron Electronics DM-TXRX-100-STR con firmware en versiones anteriores a 1.3039.00040 tienen una contraseña codificada de admin para la cuenta de admin, lo que facilita para atacantes remotos obtener acceso a través de la interfaz de administración web. • http://www.kb.cert.org/vuls/id/974424 http://www.securityfocus.com/bid/92211 • CWE-255: Credentials Management Errors •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html. Dispositivos Crestron Electronics DM-TXRX-100-STR con firmware en versiones anteriores a 1.3039.00040 permite a atacantes remotos eludir autenticación a través de una petición directa a una página distinta a index.html. • http://www.kb.cert.org/vuls/id/974424 http://www.securityfocus.com/bid/92211 •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call. Dispositivos Crestron Electronics DM-TXRX-100-STR con firmware en versiones anteriores a 1.3039.00040 permite a atacantes remotos eludir autenticación y cambiar los ajustes a través de una llamada API JSON. • http://www.kb.cert.org/vuls/id/974424 http://www.securityfocus.com/bid/92211 •