What the vulnerability does

01Description

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use these credentials to gain privileged access to the device.

Key dates

02Disclosure timeline

April 30, 2019 CVE published
August 4, 2024 Record updated