        Security Advisories
        AM-100 and AM-101 Vulnerabilities
        06/12/19
        Threat:
        AIRMEDIA AM-100 and AM-101 Vulnerabilities

        We are making the AM-100/101 firmware available today publicly. Anyone requiring assistance should reach out to True Blue Support.

        The latest AM-100/101 firmware release includes CVE-2019-3929 and CVE-2019-3930 fixes. See link below under Resources.

        Please note the following vulnerabilities only affect the Airmedia AM-100 and AM-101 devices. All other second generation AirMedia devices are not affected.
        Identifier:
        There are multiple CVEs associated with this report.
        How is Crestron Affected:
           
        CVE-2019-3925: Unauthenticated Remote OS Command Injection via SNMP #1
        Crestron is aware of a vulnerability in the AM-100 and AM-101 devices which allows OS command injection via SNMP. This vulnerability will be resolved in an upcoming firmware release scheduled for July 2019. SNMP can be disabled from the device menu.

        CVE-2019-3926: Unauthenticated Remote Command Injection via SNMP #2
        Crestron is aware of a vulnerability in the AM-100 and AM-101 devices which allows console command injection via SNMP. This vulnerability will be resolved in an upcoming firmware release scheduled for July 2019. SNMP can be disabled from the device menu.

        CVE-2019-3927: Unauthenticated Remote Admin Password Change via SNMP
        Crestron is aware of a vulnerability in the AM-100/AM-101 devices which allows the remote administrator password to be changed via SNMPv1 and SNMPv2. Crestron advises using SNMPv3 with an adequate username and password to avoid this possibility. The SNMP version can be set in the web user interface of the device. SNMP can also be disabled from the device Services menu, which disables the SNMP service completely. After a factory restore, the SNMP protocol now defaults to SNMPv3. Users are advised to use SNMPv3 with strong authentication and privileged passwords.

        CVE-2019-3928: Unauthenticated Remote Information Leak via SNMP
        Crestron advises using SNMPv3 with an adequate username and password to avoid this possibility. The SNMP version can be set in the web user interface of the device. SNMP can also be disabled from the device Services menu, which disables the SNMP service completely. After a factory restore, the SNMP protocol now defaults to SNMPv3. Users are advised to use SNMPv3 with strong authentication and privileged passwords.

        CVE-2019-3929: Unauthenticated Remote OS Command Injection via file_transfer.cgi
        This vulnerability will be resolved in an upcoming firmware release scheduled for July 2019. Crestron recommends limiting physical and network access to the device.

        CVE-2019-3930: Unauthenticated Remote Stack Buffer Overflow via file_transfer.cgi
        This vulnerability will be resolved in an upcoming firmware release scheduled for July 2019, which includes the fix for the unauthenticated file_transfer.cgi.

        CVE-2019-3931: Remote View Pass Code Bypass and Information Leak
        This will be fixed in the version slated for release in July 2019. The risk or impact is that the latest slide or snapshot of the presentation is available to an unauthenticated user. Once the presentation stops, a 404 error is returned, so the risk exists only during an active presentation. Crestron recommends that AirMedia AM-100/101 devices are not available on a public network, and only internally to the company.

        CVE-2019-3932: Authentication Bypass in return.tgi
        This will be fixed in the version slated for release in July 2019. This vulnerability requires physical access to the hardware. Crestron recommends securing access to the device.

        CVE-2019-3933: Authentication bypass to view "remote view" via HTTP browserslide.jpg
        Crestron advises using the latest release version. To protect return.cgi as well, Crestron recommends that users define a strong administrator password for AirMedia AM-100s and AM-101s.

        To disable the Remote View feature completely, Crestron recommends following the configuration setup shown below.

        [Image: Remote-View-Disable-Feature.png]


        CVE-2019-3934: Remote View Pass Code Bypass #2
        This will be fixed in the version slated for release in July 2019. The risk or impact here is that the latest slide/snapshot of the presentation is available to an unauthenticated user. Once the presentation stops, a 404 error is returned, so the risk exists only during an active presentation.
        Crestron recommends that AirMedia AM-100/101 devices are not available on a public network, and only internally to the company.

        CVE-2019-3935: Unauthenticated Remote Moderator Controls via HTTP
        This will be fixed in the version slated for release in July 2019. Meanwhile, Crestron recommends that AirMedia AM-100s and AM-101s are not available on a public network, and are only made available internally to the company.

        CVE-2019-3936: Unauthenticated Remote View Control via port 389
        This will be fixed in the version slated for release in July 2019. Meanwhile, Crestron recommends that AirMedia AM-100/101 devices are not available on a public network, and are only made available internally to the company.

        CVE-2019-3937: Credentials Stored in Plaintext
        This will be fixed in the version slated for release in July 2019. Meanwhile, if administrators save configuration files for configuring and restoring AirMedia devices to a previously known configuration state, such files should be stored in a safe location that only system administrators can access. Delete configuration files from local download folders and temp folders.

        CVE-2019-3938: Exported Configuration Files Contain Credentials
        This will be fixed in the version slated for release in July 2019. Meanwhile, if administrators save configuration files for configuring and restoring AirMedia devices to a previously known configuration state, such files should be stored in a safe location that only system administrators can access. Delete configuration files from local download folders and temp folders.
        CVE-2019-9006: CP3N/PRO3/AV3
        06/07/19
        Threat:
        Crestron is aware of a vulnerability in the CP3N, Pro3, and AV3 devices which allows attackers to change firewall rules, scan the internal network, and download and run scripts through the remote root shell on the router via telnet access.
        Identifier:
        This vulnerability has been assigned CVE identifier CVE-2019-9006.
        How is Crestron Affected:
        This vulnerability has been resolved in the current firmware upgrade. Crestron recommends upgrading devices with current firmware available on the product page.

        Minimum firmware versions to address this vulnerability: v.1.600.0092
        Authentication Bypass in AM-100/AM-101
        05/10/19
        Threat:
        Crestron is aware of a vulnerability in the AM-100 and AM-101 units that can allow a user to bypass authentication. All users are urged to update firmware to the versions noted.

        The latest AM-100/101 firmware release includes the CVE-2019-3910 fix. See link below under Resources.

        Please note that this vulnerability only affects the AirMedia AM-100 and AM-101 devices. All other second generation AirMedia devices are not affected.
        Identifier:
        N/A
        How is Crestron Affected:

        CVE-2019-3910: Authentication Bypass - This vulnerability has been resolved in the current firmware and can be downloaded on the product page. Minimum firmware version to address this vulnerability: 2.7.0 (AM-101) and 1.6.0 (AM-100). Affected Devices:

        • AM-101
        • AM-100
        CVE-2018-10933: libssh Server Allows Unauthorized Access
        10/24/18
        Threat:
        Crestron is aware of a vulnerability found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
        Identifier:
        This vulnerability has been assigned CVE identifier CVE-2018-10933.
        How is Crestron Affected:
        While Crestron does use libssh in some products, it is not used for authentication in any circumstance. Therefore, no Crestron products are affected by this vulnerability.
        Nessus detects multiple vulnerabilities on port 7000
        09/24/18
        Threat:
        The Nessus scanner detects AirMedia as an Apple TV and reports Apple TV vulnerabilities against it.
        Identifier:
        There are multiple CVEs associated with this. Please see the related document.
        How is Crestron Affected:
        This is a false positive triggered by AirPlay compatibility. Refer to Airmedia - Nessus Vulnerability Scanner False Positive Mitigation Guideline - Airplay for details.
        CVE-2018-10630: IMPROPER ACCESS CONTROL
        08/09/18
        Threat:
        Authentication is not enabled by default on affected devices. With the minimum firmware version listed below, Crestron's CTP Console and Telnet access are now disabled by default. Only SSH is available for configuration. If the device does not have authentication enabled, an SSH banner displays a warning which recommends securing the device.
        Identifier:
        This vulnerability has been assigned CVE identifier CVE-2018-10630.
        How is Crestron Affected:
        Minimum firmware version to address this vulnerability: v1.502.0047.001. Affected Device: MC3.
        CVE-2018-11228: UNAUTHENTICATED REMOTE CODE EXECUTION VIA BASH SHELL SERVICE IN CTP
        08/09/18
        Threat:
        Crestron is aware of a vulnerability with specific touch panels which allows for unauthenticated remote code execution via bash. If authentication is enabled, the probability of exploit is lower as authentication is required.
        Identifier:
        This vulnerability has been assigned CVE identifier CVE-2018-11228.
        How is Crestron Affected:

        This vulnerability has been resolved in the current firmware and can be downloaded on the product page.

        Minimum firmware versions to address this vulnerability:

        • TSW-X60 Series use FW 2.0001.0037.001 or later
        • TSW-X52 Series use FW 1.004.0007 or later

        Affected Devices:

        • TSW-1060
        • TSW-760
        • TSW-560
        • TSW-1060-NC
        • TSW-760-NC
        • TSW-560-NC
        • TSW-552
        • TSW-752
        • TSW-1052
        • TSR-302
        • TST-602
        • TST-902
        • TSW-732
        • TSS-752
        • DMC-STR

        Additional products are being tested.

        CVE-2018-11228: OS COMMAND INJECTION
        08/09/18
        Threat:
        Crestron is aware of a vulnerability which allows for unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP).
        Identifier:
        This vulnerability has been assigned CVE identifier CVE-2018-11228.
        How is Crestron Affected:

        Minimum firmware version to address this vulnerability: v2.001.0037.001. Affected Devices:

        • TSW-1060
        • TSW-760
        • TSW-560
        • TSW-1060-NC
        • TSW-760-NC
        • TSW-560-NC
        CVE-2018-11229: OS COMMAND INJECTION
        08/09/18
        Threat:
        Crestron is aware of a vulnerability which allows for unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP).
        Identifier:
        This vulnerability has been assigned CVE identifier CVE-2018-11229.
        How is Crestron Affected:

        Minimum firmware version to address this vulnerability: v2.001.0037.001. Affected Devices:

        • TSW-1060
        • TSW-760
        • TSW-560
        • TSW-1060-NC
        • TSW-760-NC
        • TSW-560-NC
        CVE-2018-11229: UNAUTHENTICATED REMOTE CODE EXECUTION VIA COMMAND INJECTION IN CTP
        08/09/18
        Threat:
        Crestron is aware of a vulnerability with specific touch panels which allows for unauthenticated remote code execution via command injection. If authentication is enabled, the probability of exploit is lower as authentication is required.
        Identifier:
        This vulnerability has been assigned CVE identifier CVE-2018-11229.
        How is Crestron Affected:

        This vulnerability has been resolved in the current firmware and can be downloaded on the product page.

        Minimum firmware versions to address this vulnerability:

        • TSW-X60 Series use FW 2.0001.0037.001 or later
        • TSW-X52 Series use FW 1.004.0007 or later

        Affected Devices:

        • TSW-1060
        • TSW-760
        • TSW-560
        • TSW-1060-NC
        • TSW-760-NC
        • TSW-560-NC
        • TSW-552
        • TSW-752
        • TSW-1052
        • TSR-302
        • TST-602
        • TST-902
        • TSW-732
        • TSS-752
        • DMC-STR

        Additional products are being tested.
