← Voltar para CVEs
CVE-2026-7865
N/ADescricao
A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with authenticated access to SSH console of Crestron devices may use to run underlying OS commands.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado5/5/2026
Ultima modificacao5/5/2026
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-88
Referencias
https://www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-TS-1070-TSS-770-TSS-1070-TSW-570/3-003-0015-001(25b0b659-c4b4-483f-aecb-067757d23ef3)
https://www.crestron.com/release_notes/tsw-xx70_3.003.0015.001_release_notes.pdf(25b0b659-c4b4-483f-aecb-067757d23ef3)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.