CVE-2022-23178
Crestron Web Interface 1.0.0.2159 - Credential Disclosure
Public Exploits: 2
Exploited in Wild: -
Descriptions
An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields.
Crestron HD-MD4X2-4K-E version 1.0.0.2159 suffers from a credential disclosure vulnerability. When the administrative web interface of the Crestron HDMI switcher is accessed unauthenticated, user credentials are disclosed which are valid to authenticate to the web interface.
SSVC
- Decision: -
Timeline
- 2022-01-12 CVE Reserved
- 2022-01-12 CVE Published
- 2022-01-18 First Exploit
- 2024-08-03 CVE Updated
- 2024-11-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
References (2)
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/50675 | 2022-01-18 | |
https://www.redteam-pentesting.de/advisories/rt-sa-2021-009 | 2024-08-03 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Crestron | Hd-md4x2-4k-e Firmware | 1.0.0.2159 | - | Affected |
in: Crestron | Hd-md4x2-4k-e | - | - | Safe |