CVE Tools

crestron

ICS / OT / IoTUScommercial

15

Cumulative CVEs

5

Monthly snapshots

#122

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting crestron.

CVE-2025-47419Non-Secure Access10.0May 6, 2025
CVE-2023-6926Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Crestron AM-3008.4Jan 23, 2024
CVE-2023-38405On Crestron 3-Series Control Systems before 1.8001.0187, crafting and sending a specific BACnet packet can cause a crash.7.5Jul 17, 2023
CVE-2022-40298Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A ...8.8Sep 22, 2022
CVE-2022-34101A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and preform a privilege es...7.8Sep 13, 2022
CVE-2022-34102Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYST...8.8Sep 13, 2022
CVE-2022-34100A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure ...8.8Sep 13, 2022
CVE-2022-23178An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are...9.8Jan 15, 2022
CVE-2020-16839On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request.7.5Jul 27, 2021
CVE-2019-18184Crestron DMC-STRO 1.0 devices allow remote command execution as root via shell metacharacters to the ping function.9.8Nov 27, 2019
CVE-2019-3939Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use...9.8Apr 30, 2019
CVE-2019-3938Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. The...7.8Apr 30, 2019
CVE-2019-3937Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, slideshow passcode, and other configuration options in cleartext in the file /tmp/scfgdndf. A loc...7.8Apr 30, 2019
CVE-2019-3936Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 is vulnerable to denial of service via a crafted request to TCP port 389. The request will force the slideshow to transition i...7.5Apr 30, 2019
CVE-2019-3935Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to act as a moderator to a slide show via crafted HTTP POST requests to conference.cgi. A remote, unauthenticate...9.1Apr 30, 2019