CVE-2016-5667 - Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attacker

CVE-2016-5667

Summary

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html. <a href="http://cwe.mitre.org/data/definitions/425.html">CWE-425: Direct Request ('Forced Browsing')</a>

References

http://www.kb.cert.org/vuls/id/974424
http://www.securityfocus.com/bid/92211

Vulnerable Configurations

cpe:2.3:o:crestron:dm-txrx-100-str_firmware:1.2866.00026:*:*:*:*:*:*:*
cpe:2.3:o:crestron:dm-txrx-100-str_firmware:1.2866.00026:*:*:*:*:*:*:*
cpe:2.3:h:crestron:dm-txrx-100-str:-:*:*:*:*:*:*:*
cpe:2.3:h:crestron:dm-txrx-100-str:-:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 15-08-2016 - 15:51)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	92211
cert-vn	VU#974424

Last major update

15-08-2016 - 15:51

Published

03-08-2016 - 01:59

Last modified

15-08-2016 - 15:51