CVE-2019-3910

Name of the Vulnerable Software and Affected Versions Crestron AM-100 versions prior to 1.6.0.2

Description The issue concerns an authentication bypass in the web interface's return.cgi script, allowing unauthenticated remote users to access certain administrator functionality. This includes configuring update sources and rebooting the device.

Recommendations For versions prior to 1.6.0.2, update to firmware version 1.6.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.