Security Advisory

CVE-2025-47421

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-03 13:49:40

Last updated 2025-09-03 13:59:32

Assigner Crestron

State PUBLISHED

Description

Improper Neutralization of Argument Delimiters in a Command (Argument Injection) vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection.This issue affects TOUCHSCREENS x70: from 3.001.0031.001 through 3.001.0034.001. A specially crafted SCP command sent via SSH login string can lead a valid administrator user to gain Privileged Operating System access on the device. Following Products Models are affected: TSW-x70 TSW-x60 TST-1080 AM-3000/3100/3200 Soundbar VB70 HD-PS622/621/402 HD-TXU-RXU-4kZ-211 HD-MDNXM-4KZ-E *Note: additional firmware updates will be published once made available

← Browse all CVEs View on cve.org ↗