Hidden Console Command_CVE-2026-7865

7.4 / 10

HIGH

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Description

A hidden console command is vulnerable to command injection
flaw when control characters are passed to its second argument.

A third party researcher Eugene Lim had discovered vulnerability
in the way console command passes to a popen function call. Attackers with
authenticated access to SSH console of Crestron devices may use to run
underlying OS commands.

Basic Information

ID CVE-2026-7865

Source Crestron

Published May 5, 2026 at 15:05

Affected Product

Vendor Crestron Electronics

Product Touchpanels (x60/x70)

Version 3.002.0043.001

Affected Versions Crestron Electronics Touchpanels (x60/x70) 3.002.0043.001

CWE Classification

CWE-88

References

{
    "lastseen": "",
    "description": "A hidden console command is vulnerable to command injection\nflaw when control characters are passed to its second argument.\u00a0\n\nA third party researcher Eugene Lim had discovered vulnerability\nin the way console command passes to a popen function call. Attackers with\nauthenticated access to SSH console of Crestron devices may use to run\nunderlying OS commands.",
    "published": "2026-05-05T15:05:12.734Z",
    "modified": "2026-05-05T15:05:12.734Z",
    "type": "cve",
    "title": "Hidden Console Command",
    "source": "Crestron",
    "references": "https://www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-TS-1070-TSS-770-TSS-1070-TSW-570/3-003-0015-001\nhttps://www.crestron.com/release_notes/tsw-xx70_3.003.0015.001_release_notes.pdf",
    "id": "CVE-2026-7865",
    "bulletinFamily": "",
    "cwe": [
        "CWE-88"
    ],
    "cvelist": null,
    "sourceData": "Crestron Electronics Touchpanels (x60/x70) 3.002.0043.001",
    "sourceHref": "",
    "cvss": {
        "score": 7.4,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Touchpanels (x60/x70)",
    "version": "3.002.0043.001",
    "vendor": "Crestron Electronics",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}