Sign-up

ID

VAR-201904-0332


CVE

CVE-2019-3939


TITLE

Crestron AM-100 and AM-101 Vulnerabilities related to the use of hard-coded credentials in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-004045

DESCRIPTION

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use these credentials to gain privileged access to the device. Crestron AM-100 and AM-101 Firmware contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Crestron Electronics AM-100 and Crestron Electronics AM-101 are both smart home gateway products of Crestron Electronics in the United States. A trust management issue vulnerability exists in the Crestron Electronics AM-100 with firmware version 1.6.0.2 and the AM-101 with firmware version 2.7.0.2. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components

Trust: 1.8

sources: NVD: CVE-2019-3939 // JVNDB: JVNDB-2019-004045 // VULHUB: VHN-155374 // VULMON: CVE-2019-3939

AFFECTED PRODUCTS

vendor:crestronmodel:am-100scope:eqversion:1.6.0.2

Trust: 1.0

vendor:crestronmodel:am-101scope:eqversion:2.7.0.2

Trust: 1.0

vendor:crestronmodel:airmedia am-100scope:eqversion:1.6.0.2

Trust: 0.8

vendor:crestronmodel:airmedia am-101scope:eqversion:2.7.0.2

Trust: 0.8

sources: JVNDB: JVNDB-2019-004045 // NVD: CVE-2019-3939

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3939
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-3939
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201904-1397
value: CRITICAL

Trust: 0.6

VULHUB: VHN-155374
value: HIGH

Trust: 0.1

VULMON: CVE-2019-3939
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-3939
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-155374
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3939
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-3939
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-155374 // VULMON: CVE-2019-3939 // JVNDB: JVNDB-2019-004045 // CNNVD: CNNVD-201904-1397 // NVD: CVE-2019-3939

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

problemtype:CWE-16

Trust: 1.0

sources: VULHUB: VHN-155374 // JVNDB: JVNDB-2019-004045 // NVD: CVE-2019-3939

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-1397

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201904-1397

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-004045

PATCH
title:AM-100url:https://www.crestron.com/en-US/Products/Workspace-Solutions/Wireless-Presentation-Solutions/AirMedia-Presentation-Gateways/AM-100
Trust: 0.8
title:AM-101url:https://www.crestron.com/en-US/Products/Workspace-Solutions/Wireless-Presentation-Solutions/AirMedia-Presentation-Gateways/AM-101
Trust: 0.8
title: - url:https://github.com/Live-Hack-CVE/CVE-2019-3939 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-3939 // 
            
            
            
            JVNDB: JVNDB-2019-004045

EXTERNAL IDS
db:NVDid:CVE-2019-3939
Trust: 2.6
db:TENABLEid:TRA-2019-20
Trust: 2.6
db:JVNDBid:JVNDB-2019-004045
Trust: 0.8
db:CNNVDid:CNNVD-201904-1397
Trust: 0.7
db:VULHUBid:VHN-155374
Trust: 0.1
db:VULMONid:CVE-2019-3939
Trust: 0.1
sources:
            
            
            VULHUB: VHN-155374 // 
            
            
            
            VULMON: CVE-2019-3939 // 
            
            
            
            JVNDB: JVNDB-2019-004045 // 
            
            
            
            CNNVD: CNNVD-201904-1397 // 
            
            
            
            NVD: CVE-2019-3939

REFERENCES
url:https://www.tenable.com/security/research/tra-2019-20
Trust: 2.6
url:https://nvd.nist.gov/vuln/detail/cve-2019-3939
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3939
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/798.html
Trust: 0.1
url:https://github.com/live-hack-cve/cve-2019-3939
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-155374 // 
            
            
            
            VULMON: CVE-2019-3939 // 
            
            
            
            JVNDB: JVNDB-2019-004045 // 
            
            
            
            CNNVD: CNNVD-201904-1397 // 
            
            
            
            NVD: CVE-2019-3939

SOURCES
db:VULHUBid:VHN-155374
db:VULMONid:CVE-2019-3939
db:JVNDBid:JVNDB-2019-004045
db:CNNVDid:CNNVD-201904-1397
db:NVDid:CVE-2019-3939

LAST UPDATE DATE
2024-11-23T21:37:29.480000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-155374date:2022-12-06T00:00:00
db:VULMONid:CVE-2019-3939date:2022-12-06T00:00:00
db:JVNDBid:JVNDB-2019-004045date:2019-05-27T00:00:00
db:CNNVDid:CNNVD-201904-1397date:2019-05-08T00:00:00
db:NVDid:CVE-2019-3939date:2024-11-21T04:42:54.413

SOURCES RELEASE DATE
db:VULHUBid:VHN-155374date:2019-04-30T00:00:00
db:VULMONid:CVE-2019-3939date:2019-04-30T00:00:00
db:JVNDBid:JVNDB-2019-004045date:2019-05-27T00:00:00
db:CNNVDid:CNNVD-201904-1397date:2019-04-30T00:00:00
db:NVDid:CVE-2019-3939date:2019-04-30T21:29:01.307