CVE-2018-5553

Summary

The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower are vulnerable to command injection that can be used to gain root-level access.

Affected Software

VendorProductVersion RangeStatus
CrestronDGE-100unspecified <= 1.3384.00049.001affected
CrestronTS-1542-Cunspecified <= 1.3384.00049.001affected
CrestronDM-DGE-200-Cunspecified <= 1.3384.00049.001affected

Weaknesses

  • CWE-78: CWE-78 (Improper Neutralization of Special Elements used in an OS Command)

ADP Enrichment

CVE Program Container

Additional References

References