Vulnerabilities (CVE)

Filtered by vendor Crestron Subscribe

Filtered by product Airmedia Am-100 Firmware

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-3910	1 Crestron	2 Airmedia Am-100, Airmedia Am-100 Firmware	2020-08-24	8.5 HIGH	9.1 CRITICAL
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.
CVE-2016-5640	1 Crestron	2 Airmedia Am-100, Airmedia Am-100 Firmware	2016-08-15	10.0 HIGH	9.8 CRITICAL
Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the ATE_COMMAND parameter.