Skip to content
/ CVE-2016-5640 Public

Crestron AirMedia AM-100 RCE (CVE-2016-5640) Metasploit Module

2 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

xfox64x/CVE-2016-5640

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
.github
.github
 
 
README.md
README.md
 
 
crestron_exploit.rb
crestron_exploit.rb
 
 

Repository files navigation

CVE-2016-5640

Crestron AirMedia AM-100 RCE (CVE-2016-5640) Metasploit Module

Module for exploiting a Remote Command Injection vulnerability in the wireless diagnostics page for Crestron AirMedia AM-100 devices with a firmware version <1.4.0.13. Commands execute as the account running the service (i.e. usually root). An older exploit I worte a module for because I wanted experience writing checks and using the cmdstager .

All credit for the original exposure and writeup of the vulnerabilities should go to Cylance, I guess: https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2016-05-001.md

About

Crestron AirMedia AM-100 RCE (CVE-2016-5640) Metasploit Module

Topics

metasploit remote-code-execution metasploit-modules crestron-airmedia

Resources

Readme
Activity

Stars

2 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Sponsor this project

Packages

No packages published

Languages