CVE-2019-3931
N/A
N/A
Summary
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argumention injection to the curl binary via crafted HTTP requests to return.cgi. A remote, authenticated attacker can use this vulnerability to upload files to the device and ultimately execute code as root.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Crestron | Crestron AirMedia | AM-100 firmware 1.6.0.2 and AM-101 firmware 2.7.0.2 | affected |
Weaknesses
- CWE-88: CWE-88 Argument Injection
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.