Posted by RedTeam Pentesting GmbH on Jan 12

Advisory: Credential Disclosure in Web Interface of Crestron Device

When the administrative web interface of the Crestron HDMI switcher is
accessed unauthenticated, user credentials are disclosed which are valid
to authenticate to the web interface.


Product: Crestron HD-MD4X2-4K-E
Affected Versions:
Fixed Versions: –
Vulnerability Type: Information Disclosure
Security Risk: high
Vendor URL:…
Read More – Full Disclosure

By |2022-01-12T07:19:18-05:00January 12th, 2022|