PT-2018-10016 · Crestron · Crestron Tsw-X60, Crestron Mc3

Published: 2018-08-10 · Updated: 2019-10-09 · CVE-2018-10630

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Crestron TSW-X60 versions prior to 2.001.0037.001
Crestron MC3 versions prior to 1.502.0047.001

Description

The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, access to the CTP console is left open.

Recommendations

For Crestron TSW-X60 versions prior to 2.001.0037.001, enable authentication to secure the device. For Crestron MC3 versions prior to 1.502.0047.001, enable authentication to secure the device. As a temporary workaround, consider restricting access to the CTP console until authentication is enabled.

Fix

Improper Access Control

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2018-10630
ZDI-18-932

Affected Products

Crestron Mc3
Crestron Tsw-X60