PT-2018-10016 · Crestron · Crestron Tsw-X60+1

Publicado

2018-08-10

Atualizado

2019-10-09

CVE-2018-10630

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Crestron TSW-X60 versions prior to 2.001.0037.001 Crestron MC3 versions prior to 1.502.0047.001

Description The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open.

Recommendations For Crestron TSW-X60 versions prior to 2.001.0037.001, enable authentication to secure the device. For Crestron MC3 versions prior to 1.502.0047.001, enable authentication to secure the device. As a temporary workaround, consider restricting access to the CTP console until authentication is enabled.

Correção

Improper Access Control

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284CWE-287

Identificadores relacionados

CVE-2018-10630

ZDI-18-932

Produtos afetados

Crestron Mc3

Crestron Tsw-X60

PT-2018-10016 · Crestron · Crestron Tsw-X60+1

CVE-2018-10630

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5