{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7865", "assignerOrgId": "25b0b659-c4b4-483f-aecb-067757d23ef3", "state": "PUBLISHED", "assignerShortName": "Crestron", "dateReserved": "2026-05-05T13:36:54.938Z", "datePublished": "2026-05-05T15:05:12.734Z", "dateUpdated": "2026-05-06T15:25:23.058Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "25b0b659-c4b4-483f-aecb-067757d23ef3", "shortName": "Crestron", "dateUpdated": "2026-05-05T15:05:12.734Z"}, "title": "Hidden Console Command", "datePublic": "2026-05-05T14:10:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-88", "description": "CWE-88 Improper neutralization of argument delimiters in a command ('argument injection')", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-6", "descriptions": [{"lang": "en", "value": "CAPEC-6 Argument Injection"}]}], "affected": [{"vendor": "Crestron Electronics", "product": "Touchpanels (x60/x70)", "versions": [{"status": "affected", "version": "3.002.0043.001", "lessThanOrEqual": "3.003.0015.001", "changes": [{"at": "3.003.0015.001", "status": "unaffected"}], "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A hidden console command is vulnerable to command injection\nflaw when control characters are passed to its second argument.\u00a0\n\nA third party researcher Eugene Lim had discovered vulnerability\nin the way console command passes to a popen function call. Attackers with\nauthenticated access to SSH console of Crestron devices may use to run\nunderlying OS commands.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>A hidden console command is vulnerable to command injection\nflaw when control characters are passed to its second argument.&nbsp;<br><br><span>A third party researcher Eugene Lim had discovered vulnerability\nin the way console command passes to a popen function call. Attackers with\nauthenticated access to SSH console of Crestron devices may use to run\nunderlying OS commands.</span></p>"}]}], "references": [{"url": "https://www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-TS-1070-TSS-770-TSS-1070-TSW-570/3-003-0015-001", "tags": ["patch"]}, {"url": "https://www.crestron.com/release_notes/tsw-xx70_3.003.0015.001_release_notes.pdf", "tags": ["release-notes"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.4, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"}}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-05T18:31:34.690899Z", "id": "CVE-2026-7865", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-06T15:25:23.058Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-7865", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-05-05T18:31:34.690899Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-05T18:31:40.724Z"}}], "cna": {"title": "Hidden Console Command", "source": {"discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-6", "descriptions": [{"lang": "en", "value": "CAPEC-6 Argument Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.4, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Crestron Electronics", "product": "Touchpanels (x60/x70)", "versions": [{"status": "affected", "changes": [{"at": "3.003.0015.001", "status": "unaffected"}], "version": "3.002.0043.001", "versionType": "custom", "lessThanOrEqual": "3.003.0015.001"}], "defaultStatus": "unaffected"}], "datePublic": "2026-05-05T14:10:00.000Z", "references": [{"url": "https://www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-TS-1070-TSS-770-TSS-1070-TSW-570/3-003-0015-001", "tags": ["patch"]}, {"url": "https://www.crestron.com/release_notes/tsw-xx70_3.003.0015.001_release_notes.pdf", "tags": ["release-notes"]}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "A hidden console command is vulnerable to command injection\nflaw when control characters are passed to its second argument.\u00a0\n\nA third party researcher Eugene Lim had discovered vulnerability\nin the way console command passes to a popen function call. Attackers with\nauthenticated access to SSH console of Crestron devices may use to run\nunderlying OS commands.", "supportingMedia": [{"type": "text/html", "value": "<p>A hidden console command is vulnerable to command injection\nflaw when control characters are passed to its second argument.&nbsp;<br><br><span>A third party researcher Eugene Lim had discovered vulnerability\nin the way console command passes to a popen function call. Attackers with\nauthenticated access to SSH console of Crestron devices may use to run\nunderlying OS commands.</span></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-88", "description": "CWE-88 Improper neutralization of argument delimiters in a command ('argument injection')"}]}], "providerMetadata": {"orgId": "25b0b659-c4b4-483f-aecb-067757d23ef3", "shortName": "Crestron", "dateUpdated": "2026-05-05T15:05:12.734Z"}}}, "cveMetadata": {"cveId": "CVE-2026-7865", "state": "PUBLISHED", "dateUpdated": "2026-05-06T15:25:23.058Z", "dateReserved": "2026-05-05T13:36:54.938Z", "assignerOrgId": "25b0b659-c4b4-483f-aecb-067757d23ef3", "datePublished": "2026-05-05T15:05:12.734Z", "assignerShortName": "Crestron"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A hidden console command is vulnerable to command injection\nflaw when control characters are passed to its second argument.\u00a0\n\nA third party researcher Eugene Lim had discovered vulnerability\nin the way console command passes to a popen function call. Attackers with\nauthenticated access to SSH console of Crestron devices may use to run\nunderlying OS commands."}], "id": "CVE-2026-7865", "lastModified": "2026-05-07T14:53:48.473", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "25b0b659-c4b4-483f-aecb-067757d23ef3", "type": "Secondary"}]}, "published": "2026-05-05T16:16:19.730", "references": [{"source": "25b0b659-c4b4-483f-aecb-067757d23ef3", "url": "https://www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-TS-1070-TSS-770-TSS-1070-TSW-570/3-003-0015-001"}, {"source": "25b0b659-c4b4-483f-aecb-067757d23ef3", "url": "https://www.crestron.com/release_notes/tsw-xx70_3.003.0015.001_release_notes.pdf"}], "sourceIdentifier": "25b0b659-c4b4-483f-aecb-067757d23ef3", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-88"}], "source": "25b0b659-c4b4-483f-aecb-067757d23ef3", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[3.002.0043.001,3.003.0015.001]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[3.003.0015.001,3.003.0015.001]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Touchpanels (x60/x70)", "source": "cna", "vendor": "Crestron Electronics"}, "product": "touchpanels_x60", "vendor": "crestron"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[3.002.0043.001,3.003.0015.001]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[3.003.0015.001,3.003.0015.001]"}}], "original": {"product": "Touchpanels (x60/x70)", "source": "cna", "vendor": "Crestron Electronics"}, "product": "touchpanels_x70", "vendor": "crestron"}], "created": "2026-05-05T17:45:06.155002+00:00", "updated": "2026-05-06T09:21:36.189189+00:00", "vendors": ["crestron", "crestron$PRODUCT$touchpanels_x60", "crestron$PRODUCT$touchpanels_x70"]}