CVE-2019-3926 - AskarLabs CVE Database

CVE-2019-3926

Vendor Crestron

Product Crestron AirMedia

Weakness CWE-79 · XSS

Published April 30, 2019

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.14.1. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

Key dates

02Disclosure timeline

April 30, 2019 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-3926 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-62937 WordPress Post List Featured Image plugin <= 0.5.9 - Cross Site Scripting (XSS) vulnerability CVE-2026-4610 ProfileGrid <= 5.9.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Message Content CVE-2024-43226 WordPress WP Dashboard Notes plugin <= 1.0.11 - Cross Site Scripting (XSS) vulnerability CVE-2024-41819 Note Mark has a stored XSS in the note link href attribute CVE-2024-54250 WordPress Prodigy Commerce plugin <= 3.0.8 - Cross Site Scripting (XSS) vulnerability