Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP).
References
| Link | Resource |
|---|---|
| http://www.securityfocus.com/bid/105051 | Third Party Advisory VDB Entry |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01 | Third Party Advisory US Government Resource |
| https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
No history.
Information
Published : 2018-06-08 01:29
Updated : 2024-02-04 19:46
NVD link : CVE-2018-11228
Mitre link : CVE-2018-11228
CVE.ORG link : CVE-2018-11228
JSON object : View
Products Affected
crestron
- tsw-560
- tsw-560-nc
- tsw-1060
- dmc-str
- tsw-760-nc
- crestron_toolbox_protocol_firmware
- tsw-760
- tsw-1060-nc
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')