Crestron Automate VX Cleartext Transmission of Sensitive Information Vulnerability
Vulnerability
Crestron Automate VX transmits sensitive information in cleartext, so anyone able to sniff the network traffic can read it. The issue arises because the device's Web UI and API are accessible over non-secure network ports, exposing sensitive data such as user passwords. This vulnerability affects Automate VX versions 5.6.8161.21536 through 6.4.0.49.
Impact
Exploitation of this vulnerability could lead to the interception of sensitive information, including user passwords, transmitted over the network.
Remediation
Users can update to Crestron Automate VX version 6.4.1.8, available through the Crestron support team or the Crestron Product Page. Automate VX 2 systems can also be updated through Windows Update. After updating, it is recommended to clear the browser cache.
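To find hosts that still need the update, the version range stated above can be checked against an asset inventory. The following is an added example, not Crestron's code: the hostnames, sample builds and status labels are constructed, and it assumes builds newer than 6.4.1.8 keep the fix.

```python
import re

# Version bounds as stated in the advisory text.
AFFECTED_MIN = (5, 6, 8161, 21536)
AFFECTED_MAX = (6, 4, 0, 49)
FIXED = (6, 4, 1, 8)
_VERSION_RE = re.compile(r"[0-9]+(?:\.[0-9]+){0,3}")

def parse_version(text):
    """Return a 4-tuple of ints; missing trailing components count as 0."""
    text = text.strip()
    if not _VERSION_RE.fullmatch(text):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = [int(p) for p in text.split(".")]
    return tuple(nums + [0] * (4 - len(nums)))

def classify(version):
    """Label one version string: affected, fixed, not-covered or unparseable."""
    try:
        v = parse_version(version)
    except ValueError:
        return "unparseable"
    # Tuples compare component by component, so 6.4.0.5 < 6.4.0.49 here,
    # which a plain string comparison would get wrong.
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "affected"
    if v >= FIXED:  # assumption: later builds keep the fix
        return "fixed"
    return "not-covered"  # the advisory says nothing about this build

def needs_attention(inventory):
    """Map host -> status for every host that is not on a fixed build."""
    statuses = {host: classify(ver) for host, ver in inventory.items()}
    return {h: s for h, s in statuses.items() if s != "fixed"}

# Constructed sample inventory (hostnames and builds are illustrative).
SAMPLE_INVENTORY = {
    "avx-room-101": "6.4.0.49",
    "avx-room-102": "6.4.1.8",
    "avx-room-103": "6.4.0.5",
    "avx-room-104": "6.4.0.50",
    "avx-room-105": "v6.4",
}

if __name__ == "__main__":
    for host, status in sorted(needs_attention(SAMPLE_INVENTORY).items()):
        print(f"{host}\t{SAMPLE_INVENTORY[host]}\t{status}")
```

Hosts reported as not-covered or unparseable need a manual check, since the advisory only makes statements about the affected range and the fixed version.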
