CVE-2026-7865

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published May 05, 2026

Vendor unknown

Description

A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with authenticated access to SSH console of Crestron devices may use to run underlying OS commands.

References

https://www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-TS-1070-TSS-770-TSS-1070-TSW-570/3-003-0015-001
https://www.crestron.com/release_notes/tsw-xx70_3.003.0015.001_release_notes.pdf