Crestron HD-MD4X2-4K-E 1.0.0.2159 Credential Disclosure

Posted on 12 January 2022

Crestron HD-MD4X2-4K-E version 1.0.0.2159 suffers from a credential disclosure vulnerability. When the administrative web interface of the Crestron HDMI switcher is accessed unauthenticated, user credentials are disclosed which are valid to authenticate to the web interface.