CVE-2026-7865

UNKNOWN 0.0

Hidden Console Command

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with authenticated access to SSH console of Crestron devices may use to run underlying OS commands.

CWE	CWE-88
Vendor	crestron electronics
Product	touchpanels (x60/x70)
Published	May 5, 2026

Stay Ahead of the Next One

Get instant alerts for crestron electronics touchpanels (x60/x70)

Be the first to know when new unknown vulnerabilities affecting crestron electronics touchpanels (x60/x70) are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Crestron Electronics / Touchpanels (x60/x70)

3.002.0043.001 ≤ 3.003.0015.001

References

NVD ↗ CVE.org ↗ EPSS Data ↗

crestron.com: https://www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-TS-1070-TSS-770-TSS-1070-TSW-570/3-003-0015-001 crestron.com: https://www.crestron.com/release_notes/tsw-xx70_3.003.0015.001_release_notes.pdf