Skip to main content
CVE-2019-3929 CRITICAL POC KEV THREAT Emergency

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Command Injection Am 100 Firmware Am 101 Firmware Wepresent Wipg 1000P Firmware +9
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.0%
CVE-2019-11627 CRITICAL POC Act Now

gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Signing Party Debian Linux Leap
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2019-3932 CRITICAL POC THREAT Act Now

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Am 100 Firmware Am 101 Firmware
NVD
CVSS 3.1
9.8
EPSS
36.3%
CVE-2019-3930 CRITICAL POC Act Now

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow RCE Am 100 Firmware Am 101 Firmware +10
NVD
CVSS 3.1
9.8
EPSS
7.0%
CVE-2019-3927 CRITICAL POC Act Now

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Am 100 Firmware Am 101 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2019-3926 CRITICAL POC Act Now

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.14.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Command Injection Am 100 Firmware Am 101 Firmware
NVD
CVSS 3.1
9.8
EPSS
6.9%
CVE-2019-3925 CRITICAL POC Act Now

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.9.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Command Injection Am 100 Firmware Am 101 Firmware
NVD
CVSS 3.1
9.8
EPSS
6.9%
CVE-2019-11618 CRITICAL POC Act Now

doorGets 7.0 has a default administrator credential vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Doorgets Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2019-11616 CRITICAL POC Act Now

doorGets 7.0 has a sensitive information disclosure vulnerability in /setup/temp/admin.php and /setup/temp/database.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Doorgets Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2019-3935 CRITICAL POC Act Now

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to act as a moderator to a slide show via crafted HTTP POST requests to conference.cgi. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Am 100 Firmware Am 101 Firmware
NVD
CVSS 3.1
9.1
EPSS
3.3%
CVE-2019-3939 CRITICAL Act Now

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Am 100 Firmware Am 101 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2019-10950 CRITICAL Act Now

Fujifilm FCR Capsula X/ Carbon X/ FCR XC-2, model versions CR-IR 357 FCR Carbon X, CR-IR 357 FCR XC-2, FCR-IR 357 FCR Capsula X provide insecure telnet services that lack authentication requirements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cr Ir 357 Fcr Carbon X Firmware Cr Ir 357 Fcr Xc 2 Firmware Cr Ir 357 Fcr Capsula X Firmware
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2019-10309 CRITICAL Act Now

Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use UDP broadcasts to discover Jenkins masters do not prevent XML External Entity processing when processing the responses, allowing. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Jenkins Self Organizing Swarm Modules
NVD
CVSS 3.0
9.3
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy