HIGH
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.
Source: MITRE
Published: 2019-01-18
Updated: 2020-08-24
Type: NVD-CWE-noinfo
Base Score: 8.5
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:C
Impact Score: 7.8
Exploitability Score: 10
Severity: HIGH
Base Score: 9.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Impact Score: 5.2
Exploitability Score: 3.9
Severity: CRITICAL