var-201806-1058
Vulnerability from variot

Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron's Android-based products. Authentication is required to exploit this vulnerability.The specific flaw exists within the ADDUSER command of the CTP console. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker could leverage this vulnerability to execute code with root privileges. CrestronTSW-1060 and other are touch screen devices of Crestron Electronics of the United States. There are security vulnerabilities in several Crestron products

Show details on source website


{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "tsw-760",
        "scope": null,
        "trust": 11.2,
        "vendor": "crestron",
        "version": null
      },
      {
        "_id": null,
        "model": "toolbox protocol",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "crestron",
        "version": "2.001.0037.001"
      },
      {
        "_id": null,
        "model": "tsw-1060",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "crestron",
        "version": "2.001.0037.001"
      },
      {
        "_id": null,
        "model": "tsw-760",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "crestron",
        "version": "2.001.0037.001"
      },
      {
        "_id": null,
        "model": "tsw-560",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "crestron",
        "version": "2.001.0037.001"
      },
      {
        "_id": null,
        "model": "tsw-1060-nc",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "crestron",
        "version": "2.001.0037.001"
      },
      {
        "_id": null,
        "model": "tsw-760-nc",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "crestron",
        "version": "2.001.0037.001"
      },
      {
        "_id": null,
        "model": "tsw-560-nc",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "crestron",
        "version": "2.001.0037.001"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-935"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-926"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-1080"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-931"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-924"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-938"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-916"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-929"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-927"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-928"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-925"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-922"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-937"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-917"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-919"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12159"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11228"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:crestron:crestron_toolbox_protocol_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.001.0037.001",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:crestron:tsw-760:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:crestron:dmc-str:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:crestron:tsw-560:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:crestron:tsw-1060-nc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:crestron:tsw-760-nc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:crestron:tsw-560-nc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:crestron:tsw-1060:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-11228"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Ricky \"HeadlessZeke\" Lawshae",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-935"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-926"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-1080"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-931"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-924"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-938"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-916"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-929"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-927"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-928"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-925"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-922"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-937"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-917"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-919"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-915"
      }
    ],
    "trust": 11.2
  },
  "cve": "CVE-2018-11228",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2018-11228",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 9.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "ZDI",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.5,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.8,
            "id": "CVE-2018-11228",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 1.4,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-12159",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2018-11228",
            "trust": 11.2,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-11228",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-12159",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-935"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-926"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-1080"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-931"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-924"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-938"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-916"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-929"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-927"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-928"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-925"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-922"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-937"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-917"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-919"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12159"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11228"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Crestron\u0027s Android-based products. Authentication is required to exploit this vulnerability.The specific flaw exists within the ADDUSER command of the CTP console. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker could leverage this vulnerability to execute code with root privileges. CrestronTSW-1060 and other are touch screen devices of Crestron Electronics of the United States. There are security vulnerabilities in several Crestron products",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-11228"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-926"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-915"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-919"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-917"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-937"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-922"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-925"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-935"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-927"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-929"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-916"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-938"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-924"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-931"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-1080"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-928"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12159"
      }
    ],
    "trust": 11.52
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-11228",
        "trust": 12.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-221-01",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "105051",
        "trust": 1.0
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-6176",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-935",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-6167",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-926",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-6274",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-1080",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-6172",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-931",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-6165",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-924",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-6189",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-938",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-6156",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-916",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-6170",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-929",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-6168",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-927",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-6169",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-928",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-6166",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-925",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-6163",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-922",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-6178",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-937",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-6157",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-917",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-6159",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-919",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-6155",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-915",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12159",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-935"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-926"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-1080"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-931"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-924"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-938"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-916"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-929"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-927"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-928"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-925"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-922"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-937"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-917"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-919"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12159"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11228"
      }
    ]
  },
  "id": "VAR-201806-1058",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-12159"
      }
    ],
    "trust": 1.2973039216666666
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-12159"
      }
    ]
  },
  "last_update_date": "2024-07-23T22:28:27.641000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Crestron has issued an update to correct this vulnerability.",
        "trust": 11.2,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-221-01"
      },
      {
        "title": "Patches for multiple Crestron product code execution vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/132893"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-935"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-926"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-1080"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-931"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-924"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-938"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-916"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-929"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-927"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-928"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-925"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-922"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-937"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-917"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-919"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12159"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-11228"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 12.2,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-221-01"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/105051"
      },
      {
        "trust": 1.0,
        "url": "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11228"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-935"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-926"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-1080"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-931"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-924"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-938"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-916"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-929"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-927"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-928"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-925"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-922"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-937"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-917"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-919"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-915"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12159"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11228"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-18-935",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-926",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-1080",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-931",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-924",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-938",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-916",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-929",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-927",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-928",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-925",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-922",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-937",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-917",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-919",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-915",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-12159",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2018-11228",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-935",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-926",
        "ident": null
      },
      {
        "date": "2018-09-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-1080",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-931",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-924",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-938",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-916",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-929",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-927",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-928",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-925",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-922",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-937",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-917",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-919",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-915",
        "ident": null
      },
      {
        "date": "2018-06-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-12159",
        "ident": null
      },
      {
        "date": "2018-06-08T01:29:00.950000",
        "db": "NVD",
        "id": "CVE-2018-11228",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-935",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-926",
        "ident": null
      },
      {
        "date": "2018-09-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-1080",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-931",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-924",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-938",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-916",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-929",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-927",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-928",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-925",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-922",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-937",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-917",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-919",
        "ident": null
      },
      {
        "date": "2018-08-14T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-915",
        "ident": null
      },
      {
        "date": "2018-06-27T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-12159",
        "ident": null
      },
      {
        "date": "2019-05-02T14:48:44.913000",
        "db": "NVD",
        "id": "CVE-2018-11228",
        "ident": null
      }
    ]
  },
  "title": {
    "_id": null,
    "data": "Crestron Multiple Products CTP Console UPDATEPASSWORD Command Injection Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-935"
      }
    ],
    "trust": 0.7
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.