| Max CVSS | 10.0 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2018-5553 | 10.0 |
The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower are vulnerable to command injection that can be used to gain root-level access.
|
09-10-2019 - 23:41 | 10-07-2018 - 16:29 | |
| CVE-2017-16709 | 6.5 |
Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors.
|
03-10-2019 - 00:03 | 11-07-2018 - 16:29 | |
| CVE-2018-11229 | 7.5 |
Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP).
|
13-05-2019 - 18:31 | 08-06-2018 - 01:29 | |
| CVE-2018-11228 | 10.0 |
Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP).
|
02-05-2019 - 14:48 | 08-06-2018 - 01:29 | |
| CVE-2017-16710 | 3.5 |
Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
05-09-2018 - 15:42 | 11-07-2018 - 16:29 |