Vulnerabilities > Crestron > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-10 | CVE-2018-5553 | OS Command Injection vulnerability in Crestron products The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower are vulnerable to command injection that can be used to gain root-level access. | 10.0 |
| 2018-06-08 | CVE-2018-11228 | Code Injection vulnerability in Crestron Toolbox Protocol Firmware Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP). | 10.0 |
| 2016-08-03 | CVE-2016-5670 | Credentials Management vulnerability in Crestron Dm-Txrx-100-Str Firmware 1.2866.00026 Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface. | 10.0 |
| 2016-08-03 | CVE-2016-5640 | Command Injection vulnerability in Crestron Airmedia Am-100 Firmware Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. | 10.0 |