CVE-2019-3929

⚠ KEVEPSS 94.3%

Crestron Multiple Products Command Injection Vulnerability

Added to CISA KEV: 4/15/2022

Description

Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

Affected packages (0)

No package mapping in OSV.