CVE-2016-5669

CRITICAL Year: 2016
CVSS v3 Score
9.8
Critical
CVSS v2 Score
5.0
Medium
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9eed4d955a59eb3 X.509 certificate from an OpenSSL Test Certification Authority, which makes it easier for remote attackers to conduct man-in-the-middle attacks against HTTPS sessions by leveraging the certificate's trust relationship.

Related Vulnerabilities

CVE-2004-2776

CRITICAL
CVSS:9.8(Critical)

go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter.

NVD-CWE-Other2004

CVE-2005-2354

CRITICAL
CVSS:9.8(Critical)

Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues.

NVD-CWE-Other2005

CVE-2006-2827

CRITICAL
CVSS:9.8(Critical)

SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field, when the...

NVD-CWE-Other2006

CVE-2006-4264

CRITICAL
CVSS:9.8(Critical)

Multiple PHP remote file inclusion vulnerabilities in the lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_abso...

NVD-CWE-Other2006

CVE-2006-4428

CRITICAL
CVSS:9.8(Critical)

PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, sinc...

NVD-CWE-Other2006