CVE-2022-23178 — AI Deep Analysis Summary

🚨 **Essence**: Crestron HD-MD4X2-4K-E exposes admin credentials via an unauthenticated endpoint.…

🛡️ **Root Cause**: **Broken Access Control**. The device fails to enforce authentication on the `/aj.html` endpoint. 🔍 **Flaw**: Sensitive data (JSON with `uname`/`upassword`) is returned to anyone who visits the URL.

📦 **Affected Product**: Crestron **HD-MD4X2-4K-E** HDMI Switcher. 📅 **Version**: Specifically **1.0.0.2159**. ⚠️ **Vendor**: Crestron Electronics.

🕵️ **Hackers Can**: Access the administrative web interface. 🔓 **Privileges**: Full administrative control. 📂 **Data**: Steal credentials to maintain persistent access or reconfigure the switcher.

📉 **Threshold**: **LOW**. 🚫 **Auth Required**: **None**. The vulnerability allows unauthenticated access to the credential endpoint. 🌐 **Config**: Only requires network reachability to the device's web interface.

🔥 **Public Exp?**: **YES**. 📜 **PoC Available**: Nuclei templates and detailed guides exist on GitHub. 🚀 **Exploitation**: Simple HTTP GET request to `/aj.html` yields JSON credentials.

🔍 **Self-Check**: Send an unauthenticated GET request to `/aj.html`. 📊 **Indicator**: Look for a JSON response containing `uname` and `upassword` fields. 🛠️ **Tool**: Use Nuclei with the specific CVE template.

🛠️ **Official Fix**: The advisory (RT-SA-2021-009) was published. ⬇️ **Action**: Check with Crestron for firmware updates beyond v1.0.0.2159 to patch this access control flaw.

🚧 **No Patch?**: **Mitigate** by restricting network access. 🚫 **Block**: Firewall rules should block external/untrusted access to the device's management port (HTTP/HTTPS).

🔴 **Urgency**: **HIGH**. ⚡ **Priority**: Critical. Since no auth is needed, automated scanners can find and exploit this instantly. Patch immediately or isolate the device.