This post describes CVE-2018-5553, a vulnerability in the Crestron Console service that is preinstalled on the DGE-100. Due to a lack of input sanitization, this service is vulnerable to command injection that can be used to gain root-level access.

DGE-100 devices running firmware versions 1.3384.00049.001 and lower with default configuration are vulnerable to CVE-2018-5553. CVE-2018-5553 is categorized as CWE-78 (Improper Neutralization of Special Elements used in an OS Command), and has a base CVSSv3 score of 9.8 (Critical). Users should update their DGE-100 devices to the latest firmware version available here.

The Crestron Digital Graphics Engine 100 (DGE-100) is a hardware controller used to connect a touchscreen interface (commonly, a Crestron TSD-2220 HD touchscreen display) to external sources over HDMI, USB, or Ethernet. More information about the device is available at the vendor's website. The typical installation is a corporate meeting space or control room. Crestron Electronics distributes this device globally.

This issue was discovered by Rapid7 researchers Cale Black and Jordan Larose. It is being disclosed in accordance with Rapid7's vulnerability disclosure policy.