CVE-2019-3937

CVE-2019-3937

Vendor Crestron
Product Crestron AirMedia
Weakness CWE-312 · Cleartext storage
Published April 30, 2019
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, slideshow passcode, and other configuration options in cleartext in the file /tmp/scfgdndf. A local attacker can use this vulnerability to recover sensitive data.

Key dates

02Disclosure timeline

April 30, 2019 CVE published
August 4, 2024 Record updated