PT-2018-10411 · Crestron+1 · Crestron Tsw-1060+5

Published: 2018-06-08 · Updated: 2019-05-02 · CVE-2018-11228

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices, versions prior to 2.001.0037.001

Description: The issue allows unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP). This is due to command injection vulnerabilities in various CTP Console commands, including RESTARTSERVICE, ROUTEDELETE, MAKEDIR, FGETFILE, REMOVEDIR, UPDATEPASSWORD, WIFIWEPPASSWORD, DIR, FPUTFILE, DELETE, CD, WIFISSID, WIFIPSKPASSWORD, ISDIR, ROUTEADD, UDIR, ADDUSER, MOVEFILE, COPYFILE, EDIDMUX, and WIFIWEPHEXPASSWORD.

Recommendations: For Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices running versions prior to 2.001.0037.001, update to version 2.001.0037.001 or later to resolve the issue. As a temporary workaround, consider disabling the Bash shell service in Crestron Toolbox Protocol (CTP) until a patch is available. Restrict access to the CTP Console commands to minimize the risk of exploitation. Avoid using the vulnerable CTP Console commands until the issue is resolved.

Fix

Code Injection


Weakness Enumeration

Related identifiers

CVE-2018-11228
ZDI-18-1080
ZDI-18-915
ZDI-18-916
ZDI-18-917
ZDI-18-918
ZDI-18-919
ZDI-18-921
ZDI-18-922
ZDI-18-923
ZDI-18-924
ZDI-18-925
ZDI-18-926
ZDI-18-927
ZDI-18-928
ZDI-18-929
ZDI-18-931
ZDI-18-933
ZDI-18-934
ZDI-18-935
ZDI-18-937
ZDI-18-938

Affected products

Bash
Crestron Tsw-1060
Crestron Tsw-560
Crestron Tsw-560-Nc
Crestron Tsw-760
Crestron Tsw-760-Nc