What the vulnerability does

01Description

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code sending a crafted HTTP POST request to login.cgi. A remote, unauthenticated attacker can use this vulnerability to download the current slide image without knowing the access code.

Key dates

02Disclosure timeline

April 30, 2019 CVE published
August 4, 2024 Record updated