An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields.
References
Link | Resource |
---|---|
https://www.redteam-pentesting.de/advisories/rt-sa-2021-009 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2022-01-15 15:17
Updated : 2023-03-28 16:38
NVD link : CVE-2022-23178
Mitre link : CVE-2022-23178
CVE.ORG link : CVE-2022-23178
JSON object : View
Products Affected
crestron
- hd-md4x2-4k-e_firmware
- hd-md4x2-4k-e
CWE
CWE-287
Improper Authentication