CVE-2019-3910
Published Jan 18, 2019
Last updated 4 years ago
Overview
- Description: Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.
- Source: vulnreport@tenable.com
- NVD status: Analyzed
Risk scores
CVSS 3.0
- Type: Primary
- Base score: 9.1
- Impact score: 5.2
- Exploitability score: 3.9
- Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
- Severity: CRITICAL
CVSS 2.0
- Type: Primary
- Base score: 8.5
- Impact score: 7.8
- Exploitability score: 10
- Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:C
Weaknesses
- nvd@nist.gov: NVD-CWE-noinfo
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:crestron:airmedia_am-100:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CA211175-30DE-466A-BEE9-8BD9EF2A25DE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:crestron:airmedia_am-100_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "594D9A9A-A64D-40E3-B9BF-5D1765623CB2",
            "versionEndExcluding": "1.6.0.2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]