ID

VAR-201904-0328


CVE

CVE-2019-3934


TITLE

Crestron AM-100 and AM-101 Firmware Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004040

DESCRIPTION

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow anyone to bypass the presentation code by sending a crafted HTTP POST request to login.cgi. A remote, unauthenticated attacker can use this vulnerability to download the current slide image without knowing the access code. Crestron AM-100 and AM-101 firmware contains an access control vulnerability. Information may be obtained. Crestron Electronics AM-100 and Crestron Electronics AM-101 are both smart home gateway products of Crestron Electronics in the United States. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles.

Trust: 1.71

sources: NVD: CVE-2019-3934 // JVNDB: JVNDB-2019-004040 // VULHUB: VHN-155369

AFFECTED PRODUCTS

vendor: crestron // model: am-100 // scope: eq // version: 1.6.0.2

Trust: 1.0

vendor: crestron // model: am-101 // scope: eq // version: 2.7.0.2

Trust: 1.0

vendor: crestron // model: airmedia am-100 // scope: eq // version: 1.6.0.2

Trust: 0.8

vendor: crestron // model: airmedia am-101 // scope: eq // version: 2.7.0.2

Trust: 0.8

sources: JVNDB: JVNDB-2019-004040 // NVD: CVE-2019-3934

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3934
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-3934
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201904-1394
value: MEDIUM

Trust: 0.6

VULHUB: VHN-155369
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-3934
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-155369
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3934
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-3934
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-155369 // JVNDB: JVNDB-2019-004040 // CNNVD: CNNVD-201904-1394 // NVD: CVE-2019-3934

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.9

problemtype:CWE-425

Trust: 1.1

sources: VULHUB: VHN-155369 // JVNDB: JVNDB-2019-004040 // NVD: CVE-2019-3934

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-1394

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201904-1394

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004040

PATCH

title: AM-100 // url: https://www.crestron.com/en-US/Products/Workspace-Solutions/Wireless-Presentation-Solutions/AirMedia-Presentation-Gateways/AM-100

Trust: 0.8

title: AM-101 // url: https://www.crestron.com/en-US/Products/Workspace-Solutions/Wireless-Presentation-Solutions/AirMedia-Presentation-Gateways/AM-101

Trust: 0.8

sources: JVNDB: JVNDB-2019-004040

EXTERNAL IDS

db: NVD // id: CVE-2019-3934

Trust: 2.5

db: TENABLE // id: TRA-2019-20

Trust: 2.5

db: JVNDB // id: JVNDB-2019-004040

Trust: 0.8

db: CNNVD // id: CNNVD-201904-1394

Trust: 0.7

db: VULHUB // id: VHN-155369

Trust: 0.1

sources: VULHUB: VHN-155369 // JVNDB: JVNDB-2019-004040 // CNNVD: CNNVD-201904-1394 // NVD: CVE-2019-3934

REFERENCES

url:https://www.tenable.com/security/research/tra-2019-20

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-3934

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3934

Trust: 0.8

sources: VULHUB: VHN-155369 // JVNDB: JVNDB-2019-004040 // CNNVD: CNNVD-201904-1394 // NVD: CVE-2019-3934

SOURCES

db: VULHUB // id: VHN-155369
db: JVNDB // id: JVNDB-2019-004040
db: CNNVD // id: CNNVD-201904-1394
db: NVD // id: CVE-2019-3934

LAST UPDATE DATE

2024-11-23T21:37:29.213000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-155369 // date: 2020-10-16T00:00:00
db: JVNDB // id: JVNDB-2019-004040 // date: 2019-05-27T00:00:00
db: CNNVD // id: CNNVD-201904-1394 // date: 2020-10-19T00:00:00
db: NVD // id: CVE-2019-3934 // date: 2024-11-21T04:42:53.760

SOURCES RELEASE DATE

db: VULHUB // id: VHN-155369 // date: 2019-04-30T00:00:00
db: JVNDB // id: JVNDB-2019-004040 // date: 2019-05-27T00:00:00
db: CNNVD // id: CNNVD-201904-1394 // date: 2019-04-30T00:00:00
db: NVD // id: CVE-2019-3934 // date: 2019-04-30T21:29:01.010