Crestron Multiple Products CTP Console REMOVEDIR Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the REMOVEDIR command of the CTP console. The issue results from the...