CVE-2016-5639

HIGH

Crestron AirMedia <1.4.0.13 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2016-5639. PoCs published by Zach Lanier, xfox64x.

AI-analyzed exploit summary The exploit details multiple vulnerabilities in Crestron AM-100 devices, including path traversal, hardcoded credentials, and a hidden management console. It provides specific endpoints and default credentials for exploitation but does not include executable code.

Description

Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Zach Lanier · textremotehardware

https://www.exploit-db.com/exploits/40813

View Code ZIP pw:eip

The exploit details multiple vulnerabilities in Crestron AM-100 devices, including path traversal, hardcoded credentials, and a hidden management console. It provides specific endpoints and default credentials for exploitation but does not include executable code.

Classification

Writeup 90%

Attack Type

Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Crestron AirMedia AM-100 (v1.1.1.11 - v1.2.1)

No auth needed

Prerequisites: Network access to the target device

MITRE ATT&CK

T1006 - Direct Volume Access T1078 - Valid Accounts

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 2 stars

by xfox64x · poc

https://github.com/xfox64x/CVE-2016-5639

View Code ZIP pw:eip

This repository contains two Metasploit auxiliary modules that exploit CVE-2016-5639, a path traversal vulnerability in Crestron AirMedia AM-100 devices. The modules allow for arbitrary file retrieval, including sensitive files like /etc/passwd and /etc/shadow, and one module specifically dumps and formats Linux password hashes for cracking.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Crestron AirMedia AM-100 (firmware <1.4.0.13)

No auth needed

Prerequisites: Network access to the target device · SSL/TLS enabled on port 443

MITRE ATT&CK

T1006 - Direct Volume Access T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory x_refsource_misc

https://github.com/CylanceVulnResearch/disclosures/blob/master/CLVA-2016-05-001.md

View Writeup ZIP pw:eip

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/40813/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/92216

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/603047

Scores

CVSS v3 7.5

EPSS 0.2084

EPSS Percentile 97.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

crestron/airmedia_am-100_firmware < 1.4.0.12

Published Aug 03, 2016

Tracked Since Feb 18, 2026