Published on May 1st, 2019 📆 | 6760 Views ⚑
0Crestron AM-100/AM-101 login.cgi HTTP POST Request information disclosure
CVSS Meta Temp Score | Current Exploit Price (≈) |
---|---|
5.2 | $0-$5k |
A vulnerability, which was classified as problematic, has been found in Crestron AM-100 and AM-101. Affected by this issue is some functionality of the file login.cgi. The manipulation as part of a HTTP POST Request leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. Impacted is confidentiality.
The weakness was disclosed 04/30/2019. This vulnerability is handled as CVE-2019-3934 since 01/03/2019. The attack may be launched remotely. No form of authentication is required for exploitation. Technical details are known, but there is no available exploit. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 05/01/2019).
Addressing this vulnerability is possible by firewalling .
The entries 134278, 134279, 134280 and 134281 are pretty similar.
- Crestron AM-100 1.6.0.2
- Crestron AM-101 2.7.0.2
Vendor
Name
VulDB Meta Base Score: 5.3
VulDB Meta Temp Score: 5.2
VulDB Base Score: 5.3
VulDB Temp Score: 5.2
VulDB Vector: ?
VulDB Reliability: ?
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
? | ? | ? | ? | ? | ? |
? | ? | ? | ? | ? | ? |
? | ? | ? | ? | ? | ? |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: ?
VulDB Temp Score: ?
VulDB Reliability: ?
Class: Information disclosure (CWE-200)
Local: No
Remote: Yes
Availability: ?
Status: Not defined
Price Prediction: ?
Current Price Estimation: ?
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Threat: ?
Adversaries: ?
Geopolitics: ?
Economy: ?
Predictions: ?
Remediation: ?Recommended: Firewall
Status: ?
0-Day Time: ?01/03/2019 CVE assigned
04/30/2019 Advisory disclosed
05/01/2019 VulDB entry created
05/01/2019 VulDB last updateCVE: CVE-2019-3934 (?)
See also: ?Created: 05/01/2019 02:08 PM
Complete: ?
Comments
Download the whitepaper to learn more about our service!
https://vuldb.com/?id.134282
No comments yet. Please log in to comment.