vendor:
HD-MD4X2-4K-E
by:
RedTeam Pentesting GmbH
9.8
CVSS
CRITICAL
Information Disclosure
200
CWE
Product Name: HD-MD4X2-4K-E
Affected Version From: 1.0.0.2159
Affected Version To: 1.0.0.2159
Patch Exists: NO
Related CWE: CVE-2022-23178
CPE: crestron/hd-md4x2-4k-e
Tags: cve,cve2022,crestron,disclosure
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Nuclei References:
https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-009/-credential-disclosure-in-web-interface-of-crestron-device, https://nvd.nist.gov/vuln/detail/CVE-2022-23178, https://de.crestron.com/Products/Video/HDMI-Solutions/HDMI-Switchers/HD-MD4X2-4K-E, https://www.redteam-pentesting.de/advisories/rt-sa-2021-009
Nuclei Metadata: {'max-request': 1, 'vendor': 'crestron', 'product': 'hd-md4x2-4k-e_firmware'}
Platforms Tested:
2021
Creston Web Interface 1.0.0.2159 – Credential Disclosure
When the administrative web interface of the Crestron HDMI switcher is accessed unauthenticated, user credentials are disclosed which are valid to authenticate to the web interface.
Mitigation:
Requesting the URL "http://crestron.example.com/" via a web browser results in multiple HTTP requests being sent. Among others, the following URL is requested: http://crestron.example.com/aj.html?a=devi&_=[...] The response contains the following data: {"user":"admin","pass":"admin"} Using the credentials "admin" and "admin" allows to authenticate to the web interface.