Unauthenticated Remote Code Execution via Bash Shell Service in Crestron TSW Devices

Unauthenticated Remote Code Execution via Bash Shell Service in Crestron TSW Devices

CVE-2018-11228 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP).

Learn more about our Web Application Penetration Testing UK.