CVE-2019-3910 : Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypas

Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.

Published 2019-01-18 18:29:00

Updated 2020-08-24 17:37:01

Source Tenable Network Security, Inc.

View at NVD, CVE.org

Products affected by CVE-2019-3910

Crestron » Airmedia Am-100 Firmware
Versions before (<) 1.6.0.2
cpe:2.3:o:crestron:airmedia_am-100_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Crestron » Airmedia Am-100 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2019-3910

EPSS FAQ

5.46%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 89 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-3910

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
8.5	HIGH	AV:N/AC:L/Au:N/C:N/I:P/A:C	10.0	7.8	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Complete
9.1	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H	3.9	5.2	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: High

References for CVE-2019-3910

https://www.tenable.com/security/research/tra-2019-02

[R1] Crestron AM-100 Authentication Bypass - Research Advisory | Tenable®
Exploit;Third Party Advisory

Jump to

Vulnerability Details : CVE-2019-3910

Products affected by CVE-2019-3910

Exploit prediction scoring system (EPSS) score for CVE-2019-3910

CVSS scores for CVE-2019-3910

References for CVE-2019-3910