This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Crestron Crestronβs WindowCE-based products. Authentication is required to exploit this vulnerability. The specific flaw exists within the engineer built-in account that enables a hidden βLAUNCHβ command. An attacker can leverage this vulnerability to escape the CTP consoleβs sandbox environment to execute commands with elevated privileges.