CVE-2018-11229
published 2018-06-08

CVE-2018-11229: Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via…

Priority: P2 · 70 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 5.71% (92.1th percentile)
Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP).

Affected

1 range
Vendor | Product | Version range | Fixed in
crestron | crestron_toolbox_protocol_firmware | < 2.001.0037.001 | 2.001.0037.001

Detection & IOCs (extracted from sources)

  • CVE-2018-11229 exploits unauthenticated remote code execution via command injection in the Crestron Toolbox Protocol (CTP). Monitor for unexpected or malicious commands sent over the CTP console to TSW-X60 devices.
  • CTP operates without authentication by default on affected devices. Detect unauthenticated CTP sessions as a potential indicator of exploitation or pre-exploitation reconnaissance.
  • Exploitation is remotely achievable with low skill level. Alert on any external/internet-facing network connections to Crestron TSW-X60 devices, particularly to CTP service ports.
  • CVE-2018-11229 affects only TSW-X60 devices (TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, TSW-560-NC) running firmware versions prior to 2.001.0037.001. MC3 devices are not affected by this specific CVE.
  • No known public exploits specifically targeting CVE-2018-11229 were identified at the time of advisory publication.
  • A related but distinct CVE (CVE-2018-11228) covers a Bash shell service injection vector in CTP on the same device family; ensure detection logic distinguishes between the two command injection paths.

CVSS provenance

nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P