Search criteria
2 vulnerabilities found for Touchpanels (x60/x70) by Crestron Electronics
CVE-2026-7865 (GCVE-0-2026-7865)
Vulnerability from nvd – Published: 2026-05-05 15:05 – Updated: 2026-05-06 15:25
VLAI?
Title
Hidden Console Command
Summary
A hidden console command is vulnerable to command injection
flaw when control characters are passed to its second argument.
A third party researcher Eugene Lim had discovered vulnerability
in the way console command passes to a popen function call. Attackers with
authenticated access to SSH console of Crestron devices may use to run
underlying OS commands.
Severity ?
CWE
- CWE-88 - Improper neutralization of argument delimiters in a command ('argument injection')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Crestron Electronics | Touchpanels (x60/x70) |
Affected:
3.002.0043.001 , ≤ 3.003.0015.001
(custom)
|
Date Public ?
2026-05-05 14:10
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7865",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T18:31:34.690899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T15:25:23.058Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Touchpanels (x60/x70)",
"vendor": "Crestron Electronics",
"versions": [
{
"changes": [
{
"at": "3.003.0015.001",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.003.0015.001",
"status": "affected",
"version": "3.002.0043.001",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-05-05T14:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA hidden console command is vulnerable to command injection\nflaw when control characters are passed to its second argument.\u0026nbsp;\u003cbr\u003e\u003cbr\u003e\u003cspan\u003eA third party researcher Eugene Lim had discovered vulnerability\nin the way console command passes to a popen function call. Attackers with\nauthenticated access to SSH console of Crestron devices may use to run\nunderlying OS commands.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "A hidden console command is vulnerable to command injection\nflaw when control characters are passed to its second argument.\u00a0\n\nA third party researcher Eugene Lim had discovered vulnerability\nin the way console command passes to a popen function call. Attackers with\nauthenticated access to SSH console of Crestron devices may use to run\nunderlying OS commands."
}
],
"impacts": [
{
"capecId": "CAPEC-6",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-6 Argument Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper neutralization of argument delimiters in a command (\u0027argument injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T15:05:12.734Z",
"orgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
"shortName": "Crestron"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-TS-1070-TSS-770-TSS-1070-TSW-570/3-003-0015-001"
},
{
"tags": [
"release-notes"
],
"url": "https://www.crestron.com/release_notes/tsw-xx70_3.003.0015.001_release_notes.pdf"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hidden Console Command",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
"assignerShortName": "Crestron",
"cveId": "CVE-2026-7865",
"datePublished": "2026-05-05T15:05:12.734Z",
"dateReserved": "2026-05-05T13:36:54.938Z",
"dateUpdated": "2026-05-06T15:25:23.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7865 (GCVE-0-2026-7865)
Vulnerability from cvelistv5 – Published: 2026-05-05 15:05 – Updated: 2026-05-06 15:25
VLAI?
Title
Hidden Console Command
Summary
A hidden console command is vulnerable to command injection
flaw when control characters are passed to its second argument.
A third party researcher Eugene Lim had discovered vulnerability
in the way console command passes to a popen function call. Attackers with
authenticated access to SSH console of Crestron devices may use to run
underlying OS commands.
Severity ?
CWE
- CWE-88 - Improper neutralization of argument delimiters in a command ('argument injection')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Crestron Electronics | Touchpanels (x60/x70) |
Affected:
3.002.0043.001 , ≤ 3.003.0015.001
(custom)
|
Date Public ?
2026-05-05 14:10
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7865",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T18:31:34.690899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T15:25:23.058Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Touchpanels (x60/x70)",
"vendor": "Crestron Electronics",
"versions": [
{
"changes": [
{
"at": "3.003.0015.001",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.003.0015.001",
"status": "affected",
"version": "3.002.0043.001",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-05-05T14:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA hidden console command is vulnerable to command injection\nflaw when control characters are passed to its second argument.\u0026nbsp;\u003cbr\u003e\u003cbr\u003e\u003cspan\u003eA third party researcher Eugene Lim had discovered vulnerability\nin the way console command passes to a popen function call. Attackers with\nauthenticated access to SSH console of Crestron devices may use to run\nunderlying OS commands.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "A hidden console command is vulnerable to command injection\nflaw when control characters are passed to its second argument.\u00a0\n\nA third party researcher Eugene Lim had discovered vulnerability\nin the way console command passes to a popen function call. Attackers with\nauthenticated access to SSH console of Crestron devices may use to run\nunderlying OS commands."
}
],
"impacts": [
{
"capecId": "CAPEC-6",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-6 Argument Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper neutralization of argument delimiters in a command (\u0027argument injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T15:05:12.734Z",
"orgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
"shortName": "Crestron"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-TS-1070-TSS-770-TSS-1070-TSW-570/3-003-0015-001"
},
{
"tags": [
"release-notes"
],
"url": "https://www.crestron.com/release_notes/tsw-xx70_3.003.0015.001_release_notes.pdf"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Hidden Console Command",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "25b0b659-c4b4-483f-aecb-067757d23ef3",
"assignerShortName": "Crestron",
"cveId": "CVE-2026-7865",
"datePublished": "2026-05-05T15:05:12.734Z",
"dateReserved": "2026-05-05T13:36:54.938Z",
"dateUpdated": "2026-05-06T15:25:23.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}