CVE-2019-3929 - Crestron Multiple Products Command Injection Vulnerability
Project:Crestron
Product:Multiple Products
Date Added:2022-04-15Due Date:2022-05-06
Vulnerability Name
Crestron Multiple Products Command Injection Vulnerability
Description
Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-3929