RSS   Vulnerabilities for 'Dm-txrx-100-str firmware'   RSS

2016-08-02
 
CVE-2016-5671

 

 
Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR devices with firmware through 1.3039.00040 allow remote attackers to hijack the authentication of arbitrary users.

 
 
CVE-2016-5670

 

 
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface.

 
 
CVE-2016-5669

 

 
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging the certificate's trust relationship.

 
 
CVE-2016-5668

 

 
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and change settings via a JSON API call.

 
 
CVE-2016-5667

 

 
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html.

 
 
CVE-2016-5666

 

 
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objresp.authenabled to 1.

 

 >>> Vendor: Crestron 7 Products
Dm-txrx-100-str firmware
Airmedia am-100 firmware
Dge-100 firmware
Dm-dge-200-c firmware
Ts-1542-c firmware
Am-100 firmware
Am-101 firmware


Copyright 2024, cxsecurity.com

 

Back to Top