CRESTRON — Vulnerabilities & Security Advisories 24

Browse all 24 CVE security advisories affecting CRESTRON. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Crestron Electronics specializes in automated control systems for commercial environments, including audio-visual, lighting, and HVAC management. Its product portfolio, which includes networked control processors and digital media servers, has historically been targeted due to its integration into critical infrastructure. Security audits have identified numerous vulnerabilities, primarily involving remote code execution, cross-site scripting, and improper access control mechanisms. These flaws often stem from legacy codebases and insufficient input validation within web interfaces and communication protocols. Notable incidents include the discovery of hardcoded credentials and unpatched services that allow unauthorized device manipulation. With 24 recorded CVEs, the company faces ongoing scrutiny regarding its patch management lifecycle and default configuration security. Organizations deploying Crestron solutions must prioritize network segmentation and regular firmware updates to mitigate risks associated with these persistent architectural weaknesses and potential exploitation vectors.

| CVE ID | Title — Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-47415 | RECWAVE Filepath Traversal — TOUCHSCREENS x60, x70 series | CWE-22 | 7.5 (AI) | High (AI) | 2025-09-09 |
| CVE-2025-47416 | ConsoleFindCommandMatchList — TOUCHSCREEN x70 | CWE-697 | 9.8 (AI) | Critical (AI) | 2025-09-09 |
| CVE-2025-47421 | Privilege escalation via SCP login — TOUCHSCREENS x70 | CWE-88 | 7.2 (AI) | High (AI) | 2025-09-03 |
| CVE-2025-47420 | User Permissions on Network API — Automate VX | CWE-269 | 8.8 (AI) | High (AI) | 2025-05-06 |
| CVE-2025-47419 | Non-Secure Access — Automate VX | CWE-319 | 7.5 (AI) | High (AI) | 2025-05-06 |
| CVE-2025-47418 | Recording — Automate VX | CWE-200 | 8.2 (AI) | High (AI) | 2025-05-06 |
| CVE-2025-47417 | Enable Debug Images — Automate VX | CWE-200 | 5.1 (AI) | Medium (AI) | 2025-05-06 |
| CVE-2023-6926 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Crestron AM-300 — AM-300 | CWE-78 | 8.4 | High | 2024-01-23 |
| CVE-2019-3939 | Crestron Electronics AM-100 and Crestron Electronics AM-101 trust management issue vulnerability — Crestron AirMedia | CWE-16 | 9.8 | - | 2019-04-30 |
| CVE-2019-3938 | Crestron Electronics AM-100 and Crestron Electronics AM-101 trust management issue vulnerability — Crestron AirMedia | CWE-522 | 7.8 | - | 2019-04-30 |
| CVE-2019-3937 | Crestron Electronics AM-100 and Crestron Electronics AM-101 trust management issue vulnerability — Crestron AirMedia | CWE-312 | 7.8 | - | 2019-04-30 |
| CVE-2019-3936 | Crestron Electronics AM-100 and Crestron Electronics AM-101 input validation error vulnerability — Crestron AirMedia | CWE-284 | 7.5 | - | 2019-04-30 |
| CVE-2019-3935 | Crestron AM-101 security vulnerability — Crestron AirMedia | CWE-284 | 6.5 | - | 2019-04-30 |
| CVE-2019-3934 | Crestron Electronics AM-100 and Crestron Electronics AM-101 access control error vulnerability — Crestron AirMedia | CWE-284 | 5.3 | - | 2019-04-30 |
| CVE-2019-3933 | Crestron Electronics AM-100 and Crestron Electronics AM-101 access control error vulnerability — Crestron AirMedia | CWE-284 | 5.3 | - | 2019-04-30 |
| CVE-2019-3932 | Crestron Electronics AM-100 and Crestron Electronics AM-101 trust management issue vulnerability — Crestron AirMedia | CWE-249 | 9.8 | - | 2019-04-30 |
| CVE-2019-3931 | Crestron Electronics AM-100 and Crestron Electronics AM-101 argument injection vulnerability — Crestron AirMedia | CWE-88 | 8.8 | - | 2019-04-30 |
| CVE-2019-3930 | Buffer error vulnerability in multiple routers — Crestron AirMedia, Barco WePresent, Extron ShareLink, Teq AV IT WIPS710, SHARP PN-L703WA, Optoma WPS-Pro, Blackbox HD WPS, InFocus LiteShow3, and InFocus LiteShow4. | CWE-121 | 9.8 | - | 2019-04-30 |
| CVE-2019-3929 | OS command injection vulnerability in multiple routers — Crestron AirMedia, Barco WePresent, Extron ShareLink, Teq AV IT WIPS710, SHARP PN-L703WA, Optoma WPS-Pro, Blackbox HD WPS, InFocus LiteShow3, and InFocus LiteShow4. | CWE-79 | 9.8 | - | 2019-04-30 |
| CVE-2019-3928 | Crestron Electronics AM-101 security vulnerability — Crestron AirMedia | CWE-284 | 6.5 | - | 2019-04-30 |
| CVE-2019-3927 | Crestron Electronics AM-100 and Crestron Electronics AM-101 authorization issue vulnerability — Crestron AirMedia | CWE-284 | 9.8 | - | 2019-04-30 |
| CVE-2019-3926 | Crestron Electronics AM-100 and Crestron Electronics AM-101 OS command injection vulnerability — Crestron AirMedia | CWE-79 | 9.8 | - | 2019-04-30 |
| CVE-2019-3925 | Crestron Electronics AM-100 and Crestron Electronics AM-101 OS command injection vulnerability — Crestron AirMedia | CWE-79 | 9.8 | - | 2019-04-30 |
| CVE-2018-5553 | Crestron DGE-100 Console Command Injection (FIXED) — DGE-100 | CWE-78 | 7.2 | - | 2018-07-10 |

This page lists every published CVE security advisory associated with CRESTRON. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.