PT-2016-6626 · Crestron Electronics+1 · Dm-Txrx-100-Str+1

Carsten Eiram

Publicado

2016-08-03

Atualizado

2016-08-15

CVE-2016-5669

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Crestron Electronics DM-TXRX-100-STR devices with firmware prior to 1.3039.00040

Description The issue allows remote attackers to conduct man-in-the-middle attacks against HTTPS sessions. This is due to the use of a hardcoded X.509 certificate from an OpenSSL Test Certification Authority, which creates a trust relationship that can be exploited.

Recommendations For Crestron Electronics DM-TXRX-100-STR devices with firmware prior to 1.3039.00040, update the firmware to version 1.3039.00040 or later to resolve the issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2016-5669

Produtos afetados

Dm-Txrx-100-Str

Openssl

PT-2016-6626 · Crestron Electronics+1 · Dm-Txrx-100-Str+1

CVE-2016-5669

Identificadores relacionados

Produtos afetados

Referências · 4