Crestron console service has critical vulnerability

Rapid7 researchers disclosed a command injection vulnerability that can be exploited to gain root-level access to the Crestron console service, allowing adversaries to control the commands executed on the system.

Crestron Electronics is a provider of advanced control and automation solutions for the office, campus and home, ranging from home security systems to audio and video distribution to building and enterprise management systems. According to Crestron, the affected devices are the DGE-100, DM-DGE-200-C, and TS-1542-C. The minimum firmware version to address this vulnerability is 1.3384.00059.001.

Read more about the Crestron flaw that can be used to gain root-level access and give attackers the ability to control commands being executed on the system on CSO.
