Crestron AM-100 versions 1.1.1.11 through 1.2.1 suffer from hard-coded credential and path traversal vulnerabilities.