Vulnerability Note VU#974424
Crestron Electronics DM-TXRX-100-STR web interface contains multiple vulnerabilities
Crestron Electronics DM-TXRX-100-STR, version 1.2866.00026 and earlier, has a web management interface which contains multiple vulnerabilities, including authentication bypass, failure to restrict access to authorized users, use of hard-coded certificate, default credentials, and cross-site request forgery (CSRF). These vulnerabilities may be leveraged to gain complete control of affected devices.
Crestron Electronics DM-TXRX-100-STR is a "streaming encoder/decoder designed to enable the distribution of high-definition AV signals over an IP network." The DM-TXRX-100-STR is configurable via a web interface that contains multiple vulnerabilities.
CWE-603: Use of Client-Side Authentication - CVE-2016-5666
A remote, unauthenticated attacker may gain administrative access through numerous contexts to take complete control of vulnerable devices.
Apply an upgrade
- CWE-603: Use of Client-Side Authentication - CVE-2016-5666
- CWE-425: Direct Request ('Forced Browsing') - CVE-2016-5667
- CWE-306: Missing Authentication for Critical Function - CVE-2016-5668
- CWE-321: Use of Hard-coded Cryptographic Key - CVE-2016-5669
- CWE-255: Credentials Management - CVE-2016-5670 - partially addressed in 1.3.39.00040. Users now have the ability to modify the password on the device page of the web interface. Other credentials management enhancements will be implemented in a future firmware release. It is recommended to change the default password on the device page when commissioning the device.
- CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2016-5671 - will be addressed in a future release.
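The weakness classes listed above (client-side authentication, forced browsing, missing authentication for a critical function, default credentials, and CSRF) are modelled below in a minimal in-memory web handler beside a hardened handler. This is an added illustration, not Crestron firmware code and not part of the CERT note; the endpoint paths, cookie names and the factory default password are hypothetical, and the hard-coded key (CWE-321) is not covered.

```python
"""Added illustration (not Crestron code): the weakness classes from the note
modelled in a toy request handler, beside a hardened version. All endpoint
paths, cookie names and the default password are hypothetical."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


class VulnerableDevice:
    """The login page decides in the browser whether the password matched and
    sets a cookie; the server trusts that cookie (CWE-603) and, for the admin
    path, does not look at it at all (CWE-306 / CWE-425). State-changing POSTs
    carry no anti-CSRF token (CWE-352)."""

    def __init__(self):
        self.admin_password = "admin"  # hypothetical factory default (CWE-255)

    def handle(self, req: Request) -> int:
        if req.path == "/admin/setpassword":
            # Reachable by direct request; nothing checks who is asking.
            self.admin_password = req.form.get("password", self.admin_password)
            return 200
        if req.path == "/status":
            # The only "check" trusts a cookie the client sets itself.
            return 200 if req.cookies.get("loggedin") == "1" else 401
        return 404


class HardenedDevice:
    """The server verifies the password and issues an unguessable session;
    every request needs a valid session, and every state-changing request
    additionally needs the per-session CSRF token."""

    def __init__(self, admin_password: str):
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._hash(admin_password)
        self._sessions: dict = {}  # session id -> CSRF token

    def _hash(self, pw: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pw.encode(), self._salt, 100_000)

    def login(self, password: str):
        """Return (session_id, csrf_token) on success, else None."""
        if not hmac.compare_digest(self._hash(password), self._pw_hash):
            return None
        sid, token = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self._sessions[sid] = token
        return sid, token

    def handle(self, req: Request) -> int:
        token = self._sessions.get(req.cookies.get("session"))
        if token is None:
            return 401  # no server-side authenticated session
        if req.method != "GET":
            supplied = req.form.get("csrf", "")
            # A cross-site form post carries the cookie but cannot know the token.
            if not hmac.compare_digest(supplied.encode(), token.encode()):
                return 403
        if req.path == "/admin/setpassword":
            self._pw_hash = self._hash(req.form["password"])
            return 200
        if req.path == "/status":
            return 200
        return 404


def demo():
    """Replay the same attacker requests against both handlers (constructed input)."""
    forged = Request("POST", "/admin/setpassword",
                     cookies={"loggedin": "1"}, form={"password": "pwned"})
    vuln_status = VulnerableDevice().handle(forged)     # 200: changed without auth
    hard = HardenedDevice("correct horse battery staple")
    direct = hard.handle(forged)                        # 401: no session
    sid, csrf = hard.login("correct horse battery staple")
    cross_site = hard.handle(Request("POST", "/admin/setpassword",
                                     cookies={"session": sid},
                                     form={"password": "pwned"}))   # 403: no token
    legit = hard.handle(Request("POST", "/admin/setpassword",
                                cookies={"session": sid},
                                form={"password": "newpw", "csrf": csrf}))  # 200
    return vuln_status, direct, cross_site, legit, hard.login("newpw") is not None
```

Running `demo()` shows the forged request succeeding against the vulnerable handler and failing against the hardened one, and the cookie-only cross-site post being rejected while the same post with the session's token goes through.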
Users are encouraged to update to the latest version, but should note that the CSRF vulnerability (CVE-2016-5671) has not been patched at the time of this disclosure. All users should consider the following workaround.
Restrict network access and use strong passwords
Vendor Information

| Vendor | Status | Date Notified | Date Updated |
| --- | --- | --- | --- |
| Crestron Electronics | Affected | 25 Apr 2016 | 28 Jul 2016 |

CVSS Metrics
Thanks to Carsten Eiram of Risk Based Security for reporting these vulnerabilities.
This document was written by Joel Land.
- CVE IDs: CVE-2016-5666 CVE-2016-5667 CVE-2016-5668 CVE-2016-5669 CVE-2016-5670 CVE-2016-5671
- Date Public: 01 Aug 2016
- Date First Published: 01 Aug 2016
- Date Last Updated: 01 Aug 2016
- Document Revision: 23