CVE-2025-47421
BaseFortify
Publication date: 2025-09-03
Last updated on: 2025-09-04
Assigner: Crestron Electronics, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| crestron | soundbar_vb70 | * |
| crestron | tst_1080 | * |
| crestron | hd_ps622 | * |
| crestron | hd_ps621 | * |
| crestron | hd_txu_rxu_4kz_211 | * |
| crestron | touchscreens_x70 | 3.001.0034.001 |
| crestron | am_3000 | * |
| crestron | tsw_x60 | * |
| crestron | tsw_x70 | * |
| crestron | touchscreens_x70 | 3.001.0031.001 |
| crestron | hd_ps402 | * |
| crestron | hd_mdnxm_4kz_e | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-88 | The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an argument injection issue in Crestron TOUCHSCREENS x70 devices. Argument delimiters in a command are not properly neutralized, so a specially crafted SCP command sent via the SSH login string lets a valid administrator user gain privileged operating system access on the device.
How can this vulnerability impact me?
An attacker who is a valid administrator can exploit this vulnerability to gain privileged operating system access on the affected device. This elevated access can allow the attacker to execute unauthorized commands, potentially compromising the device's security and control.