Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): AirMedia
- Search Type: Search All
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-40298 |
Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can initiate a repair of the system and gain a SYSTEM level shell. Published: September 22, 2022; 8:15:10 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2022-34102 |
Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt. Published: September 13, 2022; 6:15:09 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2022-34101 |
A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and preform a privilege escalation attack. Published: September 13, 2022; 6:15:08 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-34100 |
A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file structure during a repair operation. Published: September 13, 2022; 3:15:09 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2017-16710 |
Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: July 11, 2018; 12:29:00 PM -0400 |
V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2017-16709 |
Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors. Published: July 11, 2018; 12:29:00 PM -0400 |
V3.0: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2016-5640 |
Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the ATE_COMMAND parameter. Published: August 02, 2016; 9:59:02 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2016-5639 |
Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter. Published: August 02, 2016; 9:59:01 PM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |