← Retour aux CVEs
CVE-2026-7865
N/ADescription
A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with authenticated access to SSH console of Crestron devices may use to run underlying OS commands.
Details CVE
Score CVSS v3.1N/A
Publie5/5/2026
Derniere modification5/5/2026
Sourcenvd
Observations honeypot0
Faiblesses (CWE)
CWE-88
References
https://www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-TS-1070-TSS-770-TSS-1070-TSW-570/3-003-0015-001(25b0b659-c4b4-483f-aecb-067757d23ef3)
https://www.crestron.com/release_notes/tsw-xx70_3.003.0015.001_release_notes.pdf(25b0b659-c4b4-483f-aecb-067757d23ef3)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.