CVE-2026-7865

A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with authenticated access to SSH conso...

EUVD-2026-27394

A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with authenticated access to SSH...

CVE-2026-7865

A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with authenticated access to SSH...

CVE-2026-7865

A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with authenticated access to SSH...

CVE-2026-7865

The CVE-2026-7865 entry describes a vulnerability in Crestron devices where a hidden console command can be exploited to perform command injection by passing control characters to the second argument of a popen call. Affected software is the Crestron SSH console exposed on eligible devices; the u...

PT-2026-37084

Name of the Vulnerable Software and Affected Versions Crestron devices affected versions not specified Description A hidden console command contains a command injection flaw occurring when control characters are passed to its second argument. This issue exists in the way the console command is...

EUVD-2020-8800

Malware in sbrugna...

EUVD-2019-13534

Malware in sbrugna...

EUVD-2019-13545

Malware in sbrugna...

EUVD-2018-2702

Malware in sbrugna...

EUVD-2019-13535

Malware in sbrugna...

EUVD-2019-13538

Malware in sbrugna...

EUVD-2019-13544

Malware in sbrugna...

EUVD-2018-3268

Malware in sbrugna...

CVE-2020-16839

On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request...

CVE-2019-3926

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.14.1. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root...

Design/Logic Flaw

An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname...

CVE-2020-16839

On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request...

VulnCheck KEV: CVE-2019-3929

Multiple Crestron products are vulnerable to command injection via the filetransfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root...

CVE-2019-3934

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code sending a crafted HTTP POST request to login.cgi. A remote, unauthenticated attacker can use this vulnerability to download the current slide image without knowing the access code...