Vulnerability Description
On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Crestron | Dm-Nvx-Dir-80 Firmware | 1.0.1.788 |
| Crestron | Dm-Nvx-Dir-80 | - |
| Crestron | Dm-Nvx-Dir-160 Firmware | 1.0.1.788 |
| Crestron | Dm-Nvx-Dir-160 | - |
| Crestron | Dm-Nvx-Dir-Ent Firmware | 1.0.1.788 |
| Crestron | Dm-Nvx-Dir-Ent | - |
Related Weaknesses (CWE)
References
- https://support.crestron.com (Vendor Advisory)
- https://www.crestron.com/Software-Firmware/Firmware/DigitalMedia/DM-XIO/1-0-3-80 (Permissions Required)
- https://www.security.crestron.com (Broken Link)
- https://www.crestron.com/Security/Security-at-Crestron (Vendor Advisory)
FAQ
What is CVE-2020-16839?
CVE-2020-16839 is a vulnerability with a CVSS score of 7.5 (HIGH). On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request.
How severe is CVE-2020-16839?
CVE-2020-16839 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-16839?
Check the references section above for vendor advisories and patch information. Affected products include: Crestron Dm-Nvx-Dir-80 Firmware, Crestron Dm-Nvx-Dir-80, Crestron Dm-Nvx-Dir-160 Firmware, Crestron Dm-Nvx-Dir-160, Crestron Dm-Nvx-Dir-Ent Firmware.