CVE-2019-3929CISA KEV: Actively Exploited

Crestron Multiple Products Command Injection Vulnerability

Published Apr 15, 2022·Updated Apr 15, 2022

Description

Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

Public Exploits & PoCs1 found

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free