{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T00:31:55.910","vulnerabilities":[{"cve":{"id":"CVE-2019-3938","sourceIdentifier":"vulnreport@tenable.com","published":"2019-04-30T21:29:01.260","lastModified":"2026-06-17T02:35:55.270","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the \"export configuration\" feature. The configuration file is encrypted using the awenc binary. The same binary can be used to decrypt any configuration file since all the encryption logic is hard coded. A local attacker can use this vulnerability to gain access to devices username and passwords."},{"lang":"es","value":"Crestron AM-100 con firmware versión 1.6.0.2 y AM-101 con firmware versión 2.7.0.2 almacena nombres de usuario, contraseñas y otras opciones de configuración en el archivo generado por medio de la función \"export configuration\". El archivo de configuración es encriptado usando el binario awenc. El mismo binario puede ser usado para descifrar cualquier archivo de configuración, ya que toda la lógica de cifrado está codificada. Un atacante local puede usar esta vulnerabilidad para conseguir acceso a los nombres de usuario y contraseñas de los dispositivos."}],"affected":[{"source":"vulnreport@tenable.com","affectedData":[{"vendor":"Crestron","product":"Crestron AirMedia","versions":[{"version":"AM-100 firmware 1.6.0.2 and AM-101 firmware 2.7.0.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"vulnreport@tenable.com","type":"Secondary","description":[{"lang":"en","value":"CWE-522"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:crestron:am-100_firmware:1.6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"913135BE-8FB4-40BA-85D8-AD0F824493C3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:crestron:am-100:-:*:*:*:*:*:*:*","matchCriteriaId":"081E2B1B-027D-4846-8C61-54CE2D668CD0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:crestron:am-101_firmware:2.7.0.2:*:*:*:*:*:*:*","matchCriteriaId":"6AC584E7-9159-48E8-B499-F5CA68663503"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:crestron:am-101:-:*:*:*:*:*:*:*","matchCriteriaId":"D0AB0523-6EFF-4C78-A8BA-B2764DBB04D0"}]}]}],"references":[{"url":"https://www.tenable.com/security/research/tra-2019-20","source":"vulnreport@tenable.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.tenable.com/security/research/tra-2019-20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}