← back
CVE-2017-16709

CVE-2017-16709

EPSS 72.0%
Vexday Risk Score
60Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 72.0%KEV nãoPoC públicaNuclei Metasploit simPatch
Lifecycle
11 Jul 2018Published on NVD
27 Mar 2019Metasploit module available
05 Sep 2019Public PoC
Weaponization speed
420 daysto first PoC
258 daysto Metasploit module
Recommendation: Plan a near-term fix — a public PoC already exists.
Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.