NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-7865

Summary	A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with authenticated access to SSH console of Crestron devices may use to run underlying OS commands.
Publication Date	May 6, 2026, 1:16 a.m.
Registration Date	May 6, 2026, 4:07 a.m.
Last Update	May 6, 2026, 1:16 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-TS-1070-TSS-770-TSS-1070-TSW-570/3-003-0015-001	25b0b659-c4b4-483f-aecb-067757d23ef3
2	https://www.crestron.com/release_notes/tsw-xx70_3.003.0015.001_release_notes.pdf	25b0b659-c4b4-483f-aecb-067757d23ef3

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-88	引数の挿入または変更	https://cwe.mitre.org/data/definitions/88.html