216.73.217.80

CVE-2026-7865

· Published 05/05/2026 16:16 · Modified 05/05/2026 16:16

Labels: CVE-2026-7865 2026-05-0525b0b659-c4b4-483f-aecb-067757d23ef3CVE-2026-7865CWE-88

Essential information

Published
05/05/2026 16:16
Modified
05/05/2026 16:16
Author
Creator
CVSS
7.4 HIGH (v3) 7.4 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument.  A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with authenticated access to SSH console of Crestron devices may use to run underlying OS commands.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
25b0b659-c4b4-483f-aecb-067757d23ef3
NVD
View on NVD

Affected products (CPE)

ProductCPE
crestron / crestron device cpe:2.3:a:crestron:crestron_device:*:*:*:*:*:*:*:*

References