{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7865", "assignerOrgId": "25b0b659-c4b4-483f-aecb-067757d23ef3", "state": "PUBLISHED", "assignerShortName": "Crestron", "dateReserved": "2026-05-05T13:36:54.938Z", "datePublished": "2026-05-05T15:05:12.734Z", "dateUpdated": "2026-05-05T15:05:12.734Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "25b0b659-c4b4-483f-aecb-067757d23ef3", "shortName": "Crestron", "dateUpdated": "2026-05-05T15:05:12.734Z"}, "title": "Hidden Console Command", "datePublic": "2026-05-05T14:10:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-88", "description": "CWE-88 Improper neutralization of argument delimiters in a command ('argument injection')", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-6", "descriptions": [{"lang": "en", "value": "CAPEC-6 Argument Injection"}]}], "affected": [{"vendor": "Crestron Electronics", "product": "Touchpanels (x60/x70)", "versions": [{"status": "affected", "version": "3.002.0043.001", "lessThanOrEqual": "3.003.0015.001", "changes": [{"at": "3.003.0015.001", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A hidden console command is vulnerable to command injection\nflaw when control characters are passed to its second argument.\u00a0\n\nA third party researcher Eugene Lim had discovered vulnerability\nin the way console command passes to a popen function call. Attackers with\nauthenticated access to SSH console of Crestron devices may use to run\nunderlying OS commands.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>A hidden console command is vulnerable to command injection\nflaw when control characters are passed to its second argument.&nbsp;<br><br><span>A third party researcher Eugene Lim had discovered vulnerability\nin the way console command passes to a popen function call. Attackers with\nauthenticated access to SSH console of Crestron devices may use to run\nunderlying OS commands.</span></p>"}]}], "references": [{"url": "https://www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-TS-1070-TSS-770-TSS-1070-TSW-570/3-003-0015-001", "tags": ["patch"]}, {"url": "https://www.crestron.com/release_notes/tsw-xx70_3.003.0015.001_release_notes.pdf", "tags": ["release-notes"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.4, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"}}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A hidden console command is vulnerable to command injection\nflaw when control characters are passed to its second argument.\u00a0\n\nA third party researcher Eugene Lim had discovered vulnerability\nin the way console command passes to a popen function call. Attackers with\nauthenticated access to SSH console of Crestron devices may use to run\nunderlying OS commands."}], "id": "CVE-2026-7865", "lastModified": "2026-05-05T16:16:19.730", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "25b0b659-c4b4-483f-aecb-067757d23ef3", "type": "Secondary"}]}, "published": "2026-05-05T16:16:19.730", "references": [{"source": "25b0b659-c4b4-483f-aecb-067757d23ef3", "url": "https://www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-TS-1070-TSS-770-TSS-1070-TSW-570/3-003-0015-001"}, {"source": "25b0b659-c4b4-483f-aecb-067757d23ef3", "url": "https://www.crestron.com/release_notes/tsw-xx70_3.003.0015.001_release_notes.pdf"}], "sourceIdentifier": "25b0b659-c4b4-483f-aecb-067757d23ef3", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-88"}], "source": "25b0b659-c4b4-483f-aecb-067757d23ef3", "type": "Secondary"}]}

{}

{"created": "2026-05-05T17:45:06.155002+00:00", "updated": "2026-05-05T17:45:06.155013+00:00", "vendors": []}