CVSS: 10.0EPSS: 17%CPEs: 8EXPL: 0CVE-2018-11228 – Crestron Multiple Products CTP Console EDIDMUX Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-11228
08 Jun 2018 — Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP). Los dispositivos Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC y TSW-560-NC en versiones anteriores a la 2.001.0037.001 permiten la ejecución remota de código sin autenticar mediante un servicio shell Bash en CTP (Crestron Toolbox Protocol). This vulnerability allows remote attackers ... • http://www.securityfocus.com/bid/105051 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 5%CPEs: 8EXPL: 0CVE-2018-11229 – Crestron Multiple Products CTP Console LAUNCH Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-11229
08 Jun 2018 — Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP). Los dispositivos Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC y TSW-560-NC en versiones anteriores a la 2.001.0037.001 permiten la ejecución remota de código sin autenticar mediante una inyección de comandos en CTP (Crestron Toolbox Protocol). This vulnerability allows remote attackers ... • http://www.securityfocus.com/bid/105051 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •