← Voltar para CVEs
CVE-2025-47421
N/ADescricao
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection.This issue affects TOUCHSCREENS x70: from 3.001.0031.001 through 3.001.0034.001. A specially crafted SCP command sent via SSH login string can lead a valid administrator user to gain Privileged Operating System access on the device. Following Products Models are affected: TSW-x70 TSW-x60 TST-1080 AM-3000/3100/3200 Soundbar VB70 HD-PS622/621/402 HD-TXU-RXU-4kZ-211 HD-MDNXM-4KZ-E *Note: additional firmware updates will be published once made available
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado9/3/2025
Ultima modificacao9/4/2025
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-88
Referencias
https://https://www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-TS-1070-TSS-770-TSS-1070-TSW-570/3-002-0040-001(25b0b659-c4b4-483f-aecb-067757d23ef3)
https://https://www.crestron.com/release_notes/tsw-xx70_3.002.0040.001_release_notes.pdf(25b0b659-c4b4-483f-aecb-067757d23ef3)
https://security.crestron.com(25b0b659-c4b4-483f-aecb-067757d23ef3)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.