Frank Slezak

**Name of the Vulnerable Software and Affected Versions** CRESTRON TOUCHSCREENS x70 versions 3.001.0031.001 through 3.001.0034.001 **Description** An improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability exists in CRESTRON TOUCHSCREENS x70. A specially crafted SCP command sent via SSH login string can allow a valid administrator user to gain privileged operating system access on the device. Affected product models include TSW-x70, TSW-x60, TST-1080, AM-3000/3100/3200, Soundbar VB70, HD-PS622/621/402, HD-TXU-RXU-4kZ-211, and HD-MDNXM-4KZ-E. **Recommendations** Update to a version later than 3.001.0034.001.