ID CVE-2016-5666
Summary Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objresp.authenabled to 1. <a href="http://cwe.mitre.org/data/definitions/603.html">CWE-603: Use of Client-Side Authentication</a>
References
Vulnerable Configurations
  • cpe:2.3:o:crestron:dm-txrx-100-str_firmware:1.2866.00026:*:*:*:*:*:*:*
    cpe:2.3:o:crestron:dm-txrx-100-str_firmware:1.2866.00026:*:*:*:*:*:*:*
  • cpe:2.3:h:crestron:dm-txrx-100-str:-:*:*:*:*:*:*:*
    cpe:2.3:h:crestron:dm-txrx-100-str:-:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 15-08-2016 - 15:18)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 92211
cert-vn VU#974424
Last major update 15-08-2016 - 15:18
Published 03-08-2016 - 01:59
Last modified 15-08-2016 - 15:18
Back to Top