# Exploit Title: AWIND WiPG 1000 / Crestron AM-100
# Date: 06-12-2014
# Exploit Author: BrianWGray
# Contact: https://twitter.com/BrianWGray
# Vendor Homepage: http://www.wepresentwifi.com/wipg1000.html - http://www.crestron.com/products/model/AM-100
# Software Link: http://www.wepresentwifi.com/downloads.html
# Version: ~<1.0.3.7 through ?, The mitigation was to remove the login page. The authentication hash can still be generated
# Tested on: wipg-1000 and AM-100
# CVE : N/A
* 06-12-2014: Discovered
* 07-28-2014: Vendor Notified
* 10-10-2014: Vendor changes static password "mistral660411" and changes telnet to dropbear ssh (now we don't have to upload dropbear to have ssh)
Various other issues were reported including auth bypass, password resets, etc.