CVE-2018-11229
CRITICAL
Crestron TSW Series < 2.001.0037.001 - Unauthenticated RCE via Command Injection
Title source: llm
Description
Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP).
References (3)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105051
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01
Vendor Advisory x_refsource_confirm
https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet
Scores
CVSS v3: 9.8
EPSS: 0.0571
EPSS Percentile: 92.1%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-78
Status: published
Products (1)
crestron/crestron_toolbox_protocol_firmware < 2.001.0037.001
Published: Jun 08, 2018
Tracked Since: Feb 18, 2026