Authentication Bypass in Crestron Electronics DM-TXRX-100-STR Devices

Authentication Bypass in Crestron Electronics DM-TXRX-100-STR Devices

CVE-2016-5666 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objresp.authenabled to 1.

Learn more about our Web Application Penetration Testing UK.