Description
A hidden console command is vulnerable to a command injection
flaw when control characters are passed to its second argument.

A third-party researcher, Eugene Lim, discovered a vulnerability
in the way the console command is passed to a popen function call. Attackers with
authenticated access to the SSH console of Crestron devices may use it to run
underlying OS commands.
Published: 2026-05-05
Score: 7.4 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A hidden console command in certain Crestron Touchpanels can be abused to inject operating‑system commands. The vulnerability is caused by improper handling of control characters passed to a popen call, which falls under CWE‑88. Successful exploitation allows an attacker to run arbitrary shell commands with the privileges of the console process, potentially leading to full system compromise and the compromise of connected facilities.
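
The following is an added example, not Crestron's code and not taken from the advisory. It shows the developer-side mitigation for this class of flaw: validate the argument against an allowlist that excludes control characters, then run the helper with an argv array instead of a shell string given to popen. The function names, the allowlist and the sample inputs are assumptions; the real command's grammar is not on this page.

```c
#include <ctype.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allowlist: 1..maxlen bytes of [A-Za-z0-9._-], not starting with '-'.
 * Control characters (newline, CR, ...), shell metacharacters and
 * option-like values are all rejected (CWE-88). */
int arg_is_safe(const char *s, size_t maxlen)
{
    if (s == NULL || s[0] == '\0' || s[0] == '-')
        return 0;
    for (size_t n = 0; s[n] != '\0'; n++) {
        unsigned char c = (unsigned char)s[n];
        if (n >= maxlen || !(isalnum(c) || c == '.' || c == '_' || c == '-'))
            return 0;
    }
    return 1;
}

/* Run `tool arg` without a shell. Returns the exit status, or -1 if the
 * argument is rejected or the process could not be run. */
int run_tool(const char *tool, const char *arg)
{
    if (!arg_is_safe(arg, 64))
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)tool, (char *)arg, NULL };
        execvp(tool, argv);   /* argv is passed as-is; no shell parses it */
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed inputs, not taken from the advisory. */
    const char *samples[] = { "eth0", "eth0\nid", "a;b", "-v" };
    for (size_t i = 0; i < 4; i++)
        printf("sample %zu -> %d\n", i, run_tool("true", samples[i]));
    return 0;
}
```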

Affected Systems

Crestron Electronics Touchpanels series x60 and x70 are affected by this flaw. The issue arises in the console command functionality of these devices and is documented in the vendor’s firmware release notes for the relevant models.

Risk and Exploitability

The vulnerability carries a CVSS score of 7.4, indicating high severity. An EPSS score is not available, and the flaw is not listed in the CISA KEV catalog. The likely attack vector requires an attacker to have authenticated SSH access to the device’s console; without such credentials the command injection cannot be performed.

Generated by OpenCVE AI on May 5, 2026 at 17:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device firmware to the latest version released for the affected Touchpanel models (TS‑770, TS‑1070, TSS‑770, TSS‑1070, TSW‑570) as documented in the vendor’s release notes.
  • Restrict SSH access to the console by limiting it to trusted personnel and disabling or tightly controlling the hidden command functionality through network firewall or access control lists.
  • Configure monitoring to detect anomalous console activity and enforce strict change‑control procedures for managing device configurations.

Advisories

No advisories yet.

History

Wed, 06 May 2026 09:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Crestron; Crestron touchpanels X60; Crestron touchpanels X70
Vendors & Products | | Crestron; Crestron touchpanels X60; Crestron touchpanels X70

Tue, 05 May 2026 16:15:00 +0000

Type | Values Removed | Values Added
Description | | A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument.  A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with authenticated access to SSH console of Crestron devices may use to run underlying OS commands.
Title | | Hidden Console Command
Weaknesses | | CWE-88
References | |
Metrics | | cvssV4_0: {'score': 7.4, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: Crestron

Published:

Updated: 2026-05-05T15:05:12.734Z

Reserved: 2026-05-05T13:36:54.938Z

Link: CVE-2026-7865

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-05T16:16:19.730

Modified: 2026-05-05T16:16:19.730

Link: CVE-2026-7865

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T09:21:36Z

Weaknesses