CVE-2022-23178 – Creston Web Interface 1.0.0.2159 - Credential Disclosure
https://notcve.org/view.php?id=CVE-2022-23178
An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields. Se ha detectado un problema en los dispositivos Crestron HD-MD4X2-4K-E versión 1.0.0.2159. Cuando es accedida la interfaz web administrativa del conmutador HDMI sin autenticación, se revelan credenciales de usuario válidas para autenticarse en la interfaz web. • https://www.exploit-db.com/exploits/50675 https://www.redteam-pentesting.de/advisories/rt-sa-2021-009 • CWE-287: Improper Authentication •