CVE-2018-11229

Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP).
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:crestron:crestron_toolbox_protocol_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:crestron:dmc-str:-:*:*:*:*:*:*:*
cpe:2.3:h:crestron:tsw-1060:-:*:*:*:*:*:*:*
cpe:2.3:h:crestron:tsw-1060-nc:-:*:*:*:*:*:*:*
cpe:2.3:h:crestron:tsw-560:-:*:*:*:*:*:*:*
cpe:2.3:h:crestron:tsw-560-nc:-:*:*:*:*:*:*:*
cpe:2.3:h:crestron:tsw-760:-:*:*:*:*:*:*:*
cpe:2.3:h:crestron:tsw-760-nc:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-06-08 01:29

Updated : 2024-02-04 19:46


NVD link : CVE-2018-11229

Mitre link : CVE-2018-11229

CVE.ORG link : CVE-2018-11229


JSON object : View

Products Affected

crestron

  • tsw-560
  • tsw-560-nc
  • tsw-1060
  • dmc-str
  • tsw-760-nc
  • crestron_toolbox_protocol_firmware
  • tsw-760
  • tsw-1060-nc
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')