CVE-2019-3910

Summary

Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.

Affected Software

VendorProductVersion RangeStatus
n/aCrestron AM-100 Before 1.6.0.2Crestron AM-100 Before 1.6.0.2affected

Weaknesses

  • Authentication Bypass

ADP Enrichment

CVE Program Container

Additional References

References