CVE-2019-3932
30.04.2019, 21:29
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. A remote, unauthenticated attacker can use this vulnerability to control external devices via the uart_bridge.Enginsight
| Vendor | Product | Version |
|---|---|---|
| crestron | am-100_firmware | 1.6.0.2 |
| crestron | am-101_firmware | 2.7.0.2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-249 - DEPRECATED: Often Misused: Path ManipulationThis entry has been deprecated because of name confusion and an accidental combination of multiple weaknesses. Most of its content has been transferred to CWE-785.
- CWE-798 - Use of Hard-coded CredentialsThe software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.