CVE-2019-3926

2019-04-3020:12:46

CWE-79

tenable

www.cve.org

10 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.2%

JSON

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.14.1. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

CNA Affected

[
  {
    "product": "Crestron AirMedia",
    "vendor": "Crestron",
    "versions": [
      {
        "status": "affected",
        "version": "AM-100 firmware 1.6.0.2 and AM-101 firmware 2.7.0.2"
      }
    ]
  }
]

References

www.tenable.com/security/research/tra-2019-20