CVE-2018-11228
published 2018-06-08

Priority P269 | critical | 9.8 CVSS 3.0
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 7.58% (93.8th percentile)
Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP).

Affected

1 range

Vendor | Product | Version range | Fixed in
crestron | crestron_toolbox_protocol_firmware | < 2.001.0037.001 | 2.001.0037.001

Detection & IOCs

  • CVE-2018-11228 exploits an unauthenticated remote code execution path via a Bash shell service exposed through the Crestron Toolbox Protocol (CTP). Detection should focus on unexpected CTP connections to TSW-X60 devices, especially those invoking shell commands.
  • The attack requires no authentication, no user interaction, and no privileges — any network-reachable CTP service on affected TSW-X60 devices (firmware prior to 2.001.0037.001) should be treated as a high-risk exposure. Alert on unauthenticated CTP sessions that execute OS-level commands.
  • Devices are shipped with authentication disabled on the CTP console, meaning no credential-based detection is possible. Monitor for any open CTP console access as an indicator of potential compromise.
  • Vulnerability is confirmed only on TSW-X60 family devices running firmware versions prior to 2.001.0037.001. MC3 devices are NOT affected by CVE-2018-11228 specifically.
  • No known public exploits were available at the time of advisory publication, which may limit signature-based detection opportunities.

CVSS provenance

nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C