CVE-2019-3938

Published: Apr 30, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. The configuration file is encrypted using the awenc binary. The same binary can be used to decrypt any configuration file since all the encryption logic is hard coded. A local attacker can use this vulnerability to gain access to devices username and passwords.

Affected (2)

Products: Crestron: Am 100 Firmware, Am 101 Firmware

2 products

Am 100 Firmware

Am 101 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Crestron Am 100 Firmware	Version 1.6.0.2

Running on/with	Platform Versions
Crestron Am 100	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Crestron Am 101 Firmware	Version 2.7.0.2

Running on/with	Platform Versions
Crestron Am 101	All versions

Related CWEs

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://www.tenable.com/security/research/tra-2019-20

Source: vulnreport@tenable.com

ExploitThird Party Advisory

https://www.tenable.com/security/research/tra-2019-20

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.