CVE-2018-10630

CRITICAL

Crestron TSW-X60 <2.001.0037.001 & MC3 <1.502.0047.001 - Auth Bypass

Title source: llm

Description

For Crestron TSW-X60 versions prior to 2.001.0037.001 and MC3 versions prior to 1.502.0047.001, the devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, access to the CTP console is left open.

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105051
Patch, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01

Scores

CVSS v3 9.8
EPSS 0.1091
EPSS Percentile 95.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-284 CWE-287
Status published
Products (2)
crestron/mc3_firmware < 1.502.0047.001
crestron/tsw-x60_firmware < 2.001.0037.001
Published Aug 10, 2018
Tracked Since Feb 18, 2026