Vulnerability Details CVE-2018-5553
The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower are vulnerable to command injection that can be used to gain root-level access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.085
EPSS Ranking 91.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- https://blog.rapid7.com/2018/06/12/r7-2018-15-cve-2018-5553-crestron-dge-100-console-command-injection-fixed/
- https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE%C2%AD-2018%C2%AD-5553
- https://blog.rapid7.com/2018/06/12/r7-2018-15-cve-2018-5553-crestron-dge-100-console-command-injection-fixed/
- https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE%C2%AD-2018%C2%AD-5553
Products affected by CVE-2018-5553
-
cpe:2.3:h:crestron:dge-100:-
-
cpe:2.3:h:crestron:dm-dge-200-c:-
-
cpe:2.3:h:crestron:ts-1542-c:-
-
cpe:2.3:o:crestron:dge-100_firmware:1.3384.00049.001
-
cpe:2.3:o:crestron:dm-dge-200-c_firmware:1.3384.00049.001
-
cpe:2.3:o:crestron:ts-1542-c_firmware:1.3384.00049.001