Teltonika RUTOS 安全漏洞

Teltonika RUTOS is a unified operating system based on OpenWrt by the Teltonika company. Vulnerabilities exist in versions 7.22 to 7.23.2 of Teltonika RUTOS, as well as in versions 1.09 to 1.09.1 of TSWOS. These vulnerabilities stem from unsafe calls to the eval function in rpc-profile, which may...

EUVD-2025-27258

Malicious code in bioql PyPI...

EUVD-2025-27588

Malicious code in bioql PyPI...

CVE-2025-47415

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in CRESTRON TOUCHSCREENS x70 allows Relative Path Traversal.This issue affects TOUCHSCREENS x70: from 3.000.0110.001 before 3.001.0031.001. Confirmed Affected Hardware: TSW-760, TSW-1060 Confirmed Affected...

CVE-2025-47415

Summary (CVE-2025-47415): CRESTRON TOUCHSCREENS x70 are affected by a path-traversal vulnerability. Affected hardware: TSW-760 and TSW-1060. Affected firmware: 3.000.0110.001 and earlier. Fixed firmware: 3.001.0031.001. The issue allows relative path traversal and is limited to network-accessible...

CVE-2025-47415 RECWAVE Filepath Traversal

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in CRESTRON TOUCHSCREENS x70 allows Relative Path Traversal.This issue affects TOUCHSCREENS x70: from 3.000.0110.001 before 3.001.0031.001. Confirmed Affected Hardware: TSW-760, TSW-1060 Confirmed Affected...

CVE-2025-47416

A vulnerability exists in the ConsoleFindCommandMatchList function in libsymproc. so imported by ctpd that may lead to unauthorized execution of an attacker-defined file that gets prioritized by the ConsoleFindCommandMatchList. A third-party researcher discovered that the...

CVE-2025-47416 ConsoleFindCommandMatchList

A vulnerability exists in the ConsoleFindCommandMatchList function in libsymproc. so imported by ctpd that may lead to unauthorized execution of an attacker-defined file that gets prioritized by the ConsoleFindCommandMatchList. A third-party researcher discovered that the...

CVE-2025-47416

CVE-2025-47416 affects Crestron touch panels TSW-760 and TSW-1060. The vulnerability resides in the ConsoleFindCommandMatchList function in libsymproc.so imported by ctpd, which may lead to unauthorized execution of an attacker-defined file prioritized by ConsoleFindCommandMatchList. The issue is...

PT-2025-36922

Name of the Vulnerable Software and Affected Versions: CRESTRON TOUCHSCREENS x70 versions 3.000.0110.001 through 3.001.0030.000 Description: A path traversal vulnerability exists in CRESTRON TOUCHSCREENS x70, allowing relative path traversal. This issue affects TSW-760 and TSW-1060 hardware runni...

PT-2025-36735

Name of the Vulnerable Software and Affected Versions: TSW-760 versions prior to 3.001.0031.001 TSW-1060 versions prior to 3.001.0031.001 Description: A vulnerability exists in the ConsoleFindCommandMatchList function within libsymproc.so imported by ctpd that may allow an attacker to execute an...

CVE-2025-47421

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection.This issue affects TOUCHSCREENS x70: from 3.001.0031.001 through 3.001.0034.001. A specially crafted SCP command sent via SSH login string can lead...

PT-2025-35721

Name of the Vulnerable Software and Affected Versions: CRESTRON TOUCHSCREENS x70 versions 3.001.0031.001 through 3.001.0034.001 Description: An improper neutralization of argument delimiters in a command 'Argument Injection' vulnerability exists in CRESTRON TOUCHSCREENS x70. A specially crafted S...

CVE-2018-10630

For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open...

Open redirect

For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open...

CVE-2018-10630

For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open...

CVE-2018-13341

Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execut...

CVE-2018-13341

Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execut...

Code injection

Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execut...

CVE-2018-10630

For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open...