CVE-2018-11228

Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP).
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:crestron:crestron_toolbox_protocol_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:crestron:dmc-str:-:*:*:*:*:*:*:*
cpe:2.3:h:crestron:tsw-1060:-:*:*:*:*:*:*:*
cpe:2.3:h:crestron:tsw-1060-nc:-:*:*:*:*:*:*:*
cpe:2.3:h:crestron:tsw-560:-:*:*:*:*:*:*:*
cpe:2.3:h:crestron:tsw-560-nc:-:*:*:*:*:*:*:*
cpe:2.3:h:crestron:tsw-760:-:*:*:*:*:*:*:*
cpe:2.3:h:crestron:tsw-760-nc:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:42

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/105051 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/105051 - Third Party Advisory, VDB Entry
References () https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01 - Third Party Advisory, US Government Resource () https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01 - Third Party Advisory, US Government Resource
References () https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet - Vendor Advisory () https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet - Vendor Advisory

Information

Published : 2018-06-08 01:29

Updated : 2024-11-21 03:42


NVD link : CVE-2018-11228

Mitre link : CVE-2018-11228

CVE.ORG link : CVE-2018-11228


JSON object : View

Products Affected

crestron

  • tsw-560
  • dmc-str
  • tsw-760
  • tsw-560-nc
  • tsw-760-nc
  • tsw-1060-nc
  • tsw-1060
  • crestron_toolbox_protocol_firmware
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')