CVE-2017-16709

high-risk

Published 2018-07-11

Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors.

Do I need to act?

82.0% chance of exploitation in next 30 days

EPSS score — higher than 18% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

47353

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.2/10 High

NETWORK / LOW complexity

Affected Products (2)

Airmedia Am-100 Firmware

Airmedia Am-101 Firmware

Affected Vendors

Crestron

References (6)

http://packetstormsecurity.com/files/154362/AwindInc-SNMP-Service-Command-Inject...

Vendor Advisory https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-deta...

Third Party Advisory https://www.tenable.com/security/research/tra-2019-20

http://packetstormsecurity.com/files/154362/AwindInc-SNMP-Service-Command-Inject...

Vendor Advisory https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-deta...

Third Party Advisory https://www.tenable.com/security/research/tra-2019-20

/ 100

high-risk

Severity 26/34 · High

Exploitability 27/34 · High

Exposure 7/34 · Low