QwikSec

Security Database

CVE

CWE

Training

CVE-2026-7865

Published: May 5, 2026

Modified: May 6, 2026

PUBLISHED

Description

A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with authenticated access to SSH console of Crestron devices may use to run underlying OS commands.

Vendor	Product	Versions
Crestron Electronics	Touchpanels (x60/x70)	affected `3.002.0043.001 - <= 3.003.0015.001`

Weaknesses (CWE)

References

https://www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-TS-1070-TSS-770-TSS-1070-TSW-570/3-003-0015-001

patch

https://www.crestron.com/release_notes/tsw-xx70_3.003.0015.001_release_notes.pdf

release-notes

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.