First published: Tue Apr 30 2019(Updated: )
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use these credentials to gain privileged access to the device.
Credit: vulnreport@tenable.com vulnreport@tenable.com
Affected Software | Affected Version | How to fix |
---|---|---|
Crestron AM-100 firmware | =1.6.0.2 | |
Crestron AM-100 | ||
Crestron AM-101 firmware | =2.7.0.2 | |
Crestron AM-101 | ||
All of | ||
Crestron AM-100 firmware | =1.6.0.2 | |
Crestron AM-100 | ||
All of | ||
Crestron AM-101 firmware | =2.7.0.2 | |
Crestron AM-101 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Crestron issue is CVE-2019-3939.
CVE-2019-3939 has a severity rating of 9.8, which is considered critical.
CVE-2019-3939 affects Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2.
The default credentials for the web interface of Crestron AM-100 are admin/admin, and for AM-101 are moderator/moderator.
An unauthenticated, remote attacker can exploit CVE-2019-3939 by using the default credentials to gain privileged access to the device.