Vulnerability Description
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objresp.authenabled to 1.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Crestron | DM-TXRX-100-STR Firmware | 1.2866.00026 |
| Crestron | DM-TXRX-100-STR | - |
References
- http://www.kb.cert.org/vuls/id/974424 (Third Party Advisory, US Government Resource)
- http://www.securityfocus.com/bid/92211 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2016-5666?
CVE-2016-5666 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which allows remote attackers to obtain access by setting the value of objr...
How severe is CVE-2016-5666?
CVE-2016-5666 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-5666?
Check the references section above for vendor advisories and patch information. Affected products include: Crestron DM-TXRX-100-STR Firmware, Crestron DM-TXRX-100-STR.