Test ID:	1.3.6.1.4.1.25623.1.0.106410
Category:	Web application abuses
Title:	Crestron AirMedia AM-100 1.1.1.11 - 1.2.1 Multiple Vulnerabilities - Active Check
Summary:	Crestron AirMedia AM-100 devices are prone to multiple; vulnerabilities.
Description:	Summary: Crestron AirMedia AM-100 devices are prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - Directory traversal vulnerability in cgi-bin/login.cgi - Hidden Management Console with hardcoded default credentials - Hardcoded credentials Vulnerability Impact: An unauthenticated attacker may read arbitrary system files or login with hardcoded credentials. Affected Software/OS: Crestron AirMedia AM-100 devices with firmware versions 1.1.1.11 through 1.2.1 are known to be affected. Other devices/models or versions might be affected as well. Solution: Update to version 1.4.0.13 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5639 BugTraq ID: 92216 http://www.securityfocus.com/bid/92216 CERT/CC vulnerability note: VU#603047 http://www.kb.cert.org/vuls/id/603047 https://www.exploit-db.com/exploits/40813/ https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2016-05-001.md Common Vulnerability Exposure (CVE) ID: CVE-2016-5640 https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2016-05-002.md
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.