CVE-2026-7865
Command Injection in Crestron Devices via SSH Console
Publication date: 2026-05-05
Last updated on: 2026-05-05
Assigner: Crestron Electronics, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| crestron | tsw-570 | 3.003.0015 |
| crestron | tsw-770 | 3.003.0015 |
| crestron | tsw-1070 | 3.003.0015 |
| crestron | ts-770 | 3.003.0015 |
| crestron | ts-1070 | 3.003.0015 |
| crestron | tss-770 | 3.003.0015 |
| crestron | tss-1070 | 3.003.0015 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-88 | The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-7865 is a security vulnerability in certain Crestron touch screen devices where a hidden console command is susceptible to command injection. This happens when control characters are passed to the command's second argument, allowing attackers to execute arbitrary operating system commands.
The vulnerability arises from the way the console command is passed to a popen function call. An attacker with authenticated SSH console access to the affected Crestron devices can exploit this flaw to run underlying OS commands.
Affected devices include multiple Crestron touch screen models such as TSW-570, TSW-770, TSW-1070, TS-770, TS-1070, TSS-770, and TSS-1070 running firmware version 3.003.0015 or earlier.
How can this vulnerability impact me? :
This vulnerability can allow attackers with authenticated SSH access to execute arbitrary commands on the affected Crestron devices. This could lead to unauthorized control over the devices, modification of configurations, or access to sensitive data.
Such unauthorized access could compromise the integrity and confidentiality of the device and its data, potentially disrupting operations or enabling further attacks within the network.
The issue is especially critical for government models, which, despite having Wi-Fi, microphone, and Bluetooth disabled by default, may still be vulnerable through this attack vector.
To mitigate the risk, it is recommended to upgrade to the latest firmware version and implement proper network segmentation and access controls.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability CVE-2026-7865, it is recommended to upgrade the affected Crestron touch screen devices to the latest firmware version, as the issue is addressed in newer releases.
Additionally, ensure proper network segmentation and implement strict access controls to reduce exposure to attackers.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how CVE-2026-7865 affects compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a hidden console command vulnerable to command injection when control characters are passed to its second argument, exploitable by attackers with authenticated SSH access to Crestron devices.
Detection would involve monitoring for unusual or unauthorized use of the console commands on affected Crestron devices, especially commands passed via SSH sessions.
Since the vulnerability is related to command injection through a popen function call triggered by console commands, one approach is to audit SSH logs for suspicious command patterns or control characters in command arguments.
However, no specific detection commands or signatures are provided in the available resources.