CVE-2018-11228

Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP).
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:crestron:crestron_toolbox_protocol_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:crestron:dmc-str:-:*:*:*:*:*:*:*
cpe:2.3:h:crestron:tsw-1060:-:*:*:*:*:*:*:*
cpe:2.3:h:crestron:tsw-1060-nc:-:*:*:*:*:*:*:*
cpe:2.3:h:crestron:tsw-560:-:*:*:*:*:*:*:*
cpe:2.3:h:crestron:tsw-560-nc:-:*:*:*:*:*:*:*
cpe:2.3:h:crestron:tsw-760:-:*:*:*:*:*:*:*
cpe:2.3:h:crestron:tsw-760-nc:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-06-08 01:29

Updated : 2024-02-28 16:25


NVD link : CVE-2018-11228

Mitre link : CVE-2018-11228

CVE.ORG link : CVE-2018-11228


JSON object : View

Products Affected

crestron

  • tsw-560-nc
  • tsw-760
  • tsw-1060
  • tsw-760-nc
  • dmc-str
  • crestron_toolbox_protocol_firmware
  • tsw-560
  • tsw-1060-nc
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')