mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
1.2 KiB
1.2 KiB
CVE-2025-47421
&color=brightgreen)
Description
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection.This issue affects TOUCHSCREENS x70: from 3.001.0031.001 through 3.001.0034.001.A specially crafted SCP command sent via SSH login string can lead a valid administrator user to gain Privileged Operating System access on the device.Following Products Models are affected:TSW-x70 TSW-x60 TST-1080AM-3000/3100/3200Soundbar VB70HD-PS622/621/402HD-TXU-RXU-4kZ-211HD-MDNXM-4KZ-E*Note: additional firmware updates will be published once made available
POC
Reference
Github
No PoCs found on GitHub currently.