Vulnerability Note VU#603047
Crestron AirMedia AM-100 contains multiple vulnerabilities
The Crestron AirMedia AM-100 with firmware prior to version 220.127.116.11 is vulnerable to path traversal and command injection.
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - CVE-2016-5639
An unauthenticated remote user may be able to access arbitrary files from the device filesystem, or execute arbitrary OS commands on the device.
Apply an update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Crestron Electronics||Affected||-||19 Jul 2016|
CVSS Metrics (Learn More)
Thanks to Zach Lanier of Cylance, Inc., for reporting this vulnerability.
This document was written by Garret Wassermann.
- CVE IDs: CVE-2016-5639 CVE-2016-5640
- Date Public: 01 Aug 2016
- Date First Published: 01 Aug 2016
- Date Last Updated: 02 Aug 2016
- Document Revision: 22
If you have feedback, comments, or additional information about this vulnerability, please send us email.