Crestron Device - Credentials Disclosure CVE-2022-23178

Severity

CVSSv3 Score: 9.8

Vulnerability description

An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed without authentication, it discloses user credentials that are valid for authenticating to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields.

Recommendation

Update the Crestron Device firmware to the latest version to mitigate the vulnerability.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Jan 15, 2022
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available