CyberSec.Space Logo
Back to CVE Browser

CVE-2016-5669

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0760%
EPSS Percentile25.91th
PublishedAug 3, 2016
Last ModifiedMay 6, 2026

Vulnerability Description

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging the certificate's trust relationship.

Affected Platforms (CPE)

πŸ’»
Crestron

Dm Txrx 100 Str Firmware

= 1.2866.00026

References & Advisories

πŸ”— http://www.kb.cert.org/vuls/id/974424
πŸ”— http://www.securityfocus.com/bid/92211
πŸ”— http://www.kb.cert.org/vuls/id/974424
πŸ”— http://www.securityfocus.com/bid/92211

Related Vulnerabilities

CVE-2016-56669.8

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to perform authentication, which...

CVE-2016-56679.8

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via...

CVE-2016-56689.8

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication and...

CVE-2016-56709.8

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin ac...