CVE-2016-5670 - Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded pass

CVE-2016-5670

Summary

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface.

References

http://www.kb.cert.org/vuls/id/974424
http://www.securityfocus.com/bid/92211

Vulnerable Configurations

cpe:2.3:o:crestron:dm-txrx-100-str_firmware:1.2866.00026:*:*:*:*:*:*:*
cpe:2.3:o:crestron:dm-txrx-100-str_firmware:1.2866.00026:*:*:*:*:*:*:*
cpe:2.3:h:crestron:dm-txrx-100-str:-:*:*:*:*:*:*:*
cpe:2.3:h:crestron:dm-txrx-100-str:-:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 15-08-2016 - 15:08)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	92211
cert-vn	VU#974424

Last major update

15-08-2016 - 15:08

Published

03-08-2016 - 01:59

Last modified

15-08-2016 - 15:08