CVE-2016-5666

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objresp.authenabled to 1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
crestrondm-txrx-100-str_firmware
1.2866.00026
𝑥
= Vulnerable software versions
References
http://www.kb.cert.org/vuls/id/974424
http://www.securityfocus.com/bid/92211
http://www.kb.cert.org/vuls/id/974424
http://www.securityfocus.com/bid/92211