CVE-2026-7865
Awaiting Analysis Awaiting Analysis - Queue
Command Injection in Crestron Devices via SSH Console

Publication date: 2026-05-05

Last updated on: 2026-05-07

Assigner: Crestron Electronics, Inc.

Description
A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument.Β  A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with authenticated access to SSH console of Crestron devices may use to run underlying OS commands.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-05
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7865
EUVD
EUVD-2026-27394
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
crestron tsw-570 3.003.0015
crestron tsw-770 3.003.0015
crestron tsw-1070 3.003.0015
crestron ts-770 3.003.0015
crestron ts-1070 3.003.0015
crestron tss-770 3.003.0015
crestron tss-1070 3.003.0015
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-88 The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-7865 is a security vulnerability in certain Crestron touch screen devices where a hidden console command is susceptible to command injection. This happens when control characters are passed to the command's second argument, allowing attackers to execute arbitrary operating system commands.

The vulnerability arises from the way the console command is passed to a popen function call. An attacker with authenticated SSH console access to the affected Crestron devices can exploit this flaw to run underlying OS commands.

Affected devices include multiple Crestron touch screen models such as TSW-570, TSW-770, TSW-1070, TS-770, TS-1070, TSS-770, and TSS-1070 running firmware version 3.003.0015 or earlier.

Impact Analysis

This vulnerability can allow attackers with authenticated SSH access to execute arbitrary commands on the affected Crestron devices. This could lead to unauthorized control over the devices, modification of configurations, or access to sensitive data.

Such unauthorized access could compromise the integrity and confidentiality of the device and its data, potentially disrupting operations or enabling further attacks within the network.

The issue is especially critical for government models, which, despite having Wi-Fi, microphone, and Bluetooth disabled by default, may still be vulnerable through this attack vector.

To mitigate the risk, it is recommended to upgrade to the latest firmware version and implement proper network segmentation and access controls.

Mitigation Strategies

To mitigate the vulnerability CVE-2026-7865, it is recommended to upgrade the affected Crestron touch screen devices to the latest firmware version, as the issue is addressed in newer releases.

Additionally, ensure proper network segmentation and implement strict access controls to reduce exposure to attackers.

Compliance Impact

The provided information does not specify how CVE-2026-7865 affects compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability involves a hidden console command vulnerable to command injection when control characters are passed to its second argument, exploitable by attackers with authenticated SSH access to Crestron devices.

Detection would involve monitoring for unusual or unauthorized use of the console commands on affected Crestron devices, especially commands passed via SSH sessions.

Since the vulnerability is related to command injection through a popen function call triggered by console commands, one approach is to audit SSH logs for suspicious command patterns or control characters in command arguments.

However, no specific detection commands or signatures are provided in the available resources.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7865. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart