CVE-2017-16709

HIGH

Crestron Airmedia <1.6.0, <2.7.0 - RCE

Title source: llm

Description

Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotelinux

https://www.exploit-db.com/exploits/47353

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/snmp/awind_snmp_exec.rb

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/154362/AwindInc-SNMP-Service-Command-Injection.html

[Vendor Advisory] https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE-2017-16709

[Third Party Advisory] https://www.tenable.com/security/research/tra-2019-20

Scores

CVSS v3 7.2

EPSS 0.8197

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (2)

crestron/airmedia_am-100_firmware < 1.6.0

crestron/airmedia_am-101_firmware < 2.7.0

Published Jul 11, 2018

Tracked Since Feb 18, 2026