Crestron AM-100 and AM-101 Firmware Vulnerability: Unauthorized Access to Presentation Passcode

Crestron AM-100 and AM-101 Firmware Vulnerability: Unauthorized Access to Presentation Passcode

CVE-2019-3928 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the iso.3.6.1.4.1.3212.100.3.2.7.4 OIDs. A remote, unauthenticated attacker can use this vulnerability to access a restricted presentation or to become the presenter.

Learn more about our User Device Pen Test.