Arbitrary Web Script Injection in Crestron Airmedia AM-100 and AM-101 Devices

Arbitrary Web Script Injection in Crestron Airmedia AM-100 and AM-101 Devices

CVE-2017-16710 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Learn more about our Web App Pen Testing.