First published: Tue Apr 30 2019
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 store usernames, passwords, the slideshow passcode, and other configuration options in cleartext in the file /tmp/scfgdndf. A local attacker can use this vulnerability to recover sensitive data.
Credit: vulnreport@tenable.com
Affected Software | Affected Version | How to fix |
---|---|---|
Crestron AM-100 firmware | =1.6.0.2 | |
Crestron AM-100 | | |
Crestron AM-101 firmware | =2.7.0.2 | |
Crestron AM-101 | | |
The vulnerability ID is CVE-2019-3937.
The severity of CVE-2019-3937 is high with a CVSS score of 7.8.
The Crestron AM-100 firmware version 1.6.0.2 and Crestron AM-101 firmware version 2.7.0.2 are affected.
The vulnerability allows a local attacker to recover sensitive data, including usernames, passwords, slideshow passcode, and configuration options.
Update the firmware of Crestron AM-100 to version 1.6.0.3 or later, and update the firmware of Crestron AM-101 to version 2.7.0.3 or later.