CVE-2019-3934
N/A
N/A
Summary
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code sending a crafted HTTP POST request to login.cgi. A remote, unauthenticated attacker can use this vulnerability to download the current slide image without knowing the access code.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Crestron | Crestron AirMedia | AM-100 firmware 1.6.0.2 and AM-101 firmware 2.7.0.2 | affected |
Weaknesses
- CWE-284: CWE-284 Improper Access Control
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.