{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T10:42:52.066","vulnerabilities":[{"cve":{"id":"CVE-2019-3935","sourceIdentifier":"vulnreport@tenable.com","published":"2019-04-30T21:29:01.073","lastModified":"2024-11-21T04:42:53.893","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to act as a moderator to a slide show via crafted HTTP POST requests to conference.cgi. A remote, unauthenticated attacker can use this vulnerability to start, stop, and disconnect active slideshows."},{"lang":"es","value":"Crestron AM-100 con firmware versión 1.6.0.2 y AM-101 con firmware versión 2.7.0.2 permite a cualquier persona actuar como moderador de una presentación de diapositivas por medio de peticiones HTTP POST creadas para el archivo conference.cgi. Un atacante remoto no identificado puede usar esta vulnerabilidad para iniciar, detener y desconectar presentaciones de diapositivas activas."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:P","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"vulnreport@tenable.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:crestron:am-100_firmware:1.6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"913135BE-8FB4-40BA-85D8-AD0F824493C3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:crestron:am-100:-:*:*:*:*:*:*:*","matchCriteriaId":"081E2B1B-027D-4846-8C61-54CE2D668CD0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:crestron:am-101_firmware:2.7.0.2:*:*:*:*:*:*:*","matchCriteriaId":"6AC584E7-9159-48E8-B499-F5CA68663503"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:crestron:am-101:-:*:*:*:*:*:*:*","matchCriteriaId":"D0AB0523-6EFF-4C78-A8BA-B2764DBB04D0"}]}]}],"references":[{"url":"https://www.tenable.com/security/research/tra-2019-20","source":"vulnreport@tenable.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.tenable.com/security/research/tra-2019-20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}