CVE-2018-10630

Crestron Multiple Products CTP Console Incorrect Default Permissions Remote Code Execution Vulnerability

  • Severity Score (CVSS v3): 9.8
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (multiple sources): 0
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

For Crestron TSW-X60 versions prior to 2.001.0037.001 and MC3 versions prior to 1.502.0047.001, the devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, access to the CTP console is left open.


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron products. Authentication is not required to exploit this vulnerability.
The specific flaw exists due to authentication being disabled by default on all Crestron devices. An attacker can leverage this vulnerability to execute code under the context of Administrator.

*Credits: Ricky "HeadlessZeke" Lawshae
CVSS Scores
CVSS v3
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2018-05-01 CVE Reserved
  • 2018-08-10 CVE Published
  • 2024-01-01 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-284: Improper Access Control
  • CWE-287: Improper Authentication
CAPEC
References (2)
Affected Vendors, Products, and Versions
Vendor    Product           Version           Other  Status    Running on (Vendor / Product / Version / Status)
Crestron  Tsw-x60 Firmware  < 2.001.0037.001  -      Affected  Crestron / Tsw-1060-b-s / -- / Safe
Crestron  Tsw-x60 Firmware  < 2.001.0037.001  -      Affected  Crestron / Tsw-1060-nc-b-s / -- / Safe
Crestron  Tsw-x60 Firmware  < 2.001.0037.001  -      Affected  Crestron / Tsw-1060-nc-w-s / -- / Safe
Crestron  Tsw-x60 Firmware  < 2.001.0037.001  -      Affected  Crestron / Tsw-1060-w-s / -- / Safe
Crestron  Tsw-x60 Firmware  < 2.001.0037.001  -      Affected  Crestron / Tsw-560-b-s / -- / Safe
Crestron  Tsw-x60 Firmware  < 2.001.0037.001  -      Affected  Crestron / Tsw-560-nc-b-s / -- / Safe
Crestron  Tsw-x60 Firmware  < 2.001.0037.001  -      Affected  Crestron / Tsw-560-nc-w-s / -- / Safe
Crestron  Tsw-x60 Firmware  < 2.001.0037.001  -      Affected  Crestron / Tsw-560-w-s / -- / Safe
Crestron  Tsw-x60 Firmware  < 2.001.0037.001  -      Affected  Crestron / Tsw-760-b-s / -- / Safe
Crestron  Tsw-x60 Firmware  < 2.001.0037.001  -      Affected  Crestron / Tsw-760-nc-b-s / -- / Safe
Crestron  Tsw-x60 Firmware  < 2.001.0037.001  -      Affected  Crestron / Tsw-760-nc-w-s / -- / Safe
Crestron  Tsw-x60 Firmware  < 2.001.0037.001  -      Affected  Crestron / Tsw-760-w-s / -- / Safe
Crestron  Mc3 Firmware      < 1.502.0047.001  -      Affected  Crestron / Mc3 / -- / Safe