Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2025-47421

Severity CVSS v4.0:
HIGH
Type:
Unavailable / Other
Publication date:
03/09/2025
Last modified:
04/09/2025

Description

Improper Neutralization of Argument Delimiters in a Command (&amp;#39;Argument Injection&amp;#39;) vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection.This issue affects TOUCHSCREENS x70: from 3.001.0031.001 through 3.001.0034.001.<br /> <br /> A specially crafted SCP command sent via SSH login string can lead a valid administrator user to gain Privileged Operating System access on the device.<br /> <br /> <br /> Following Products Models are affected:<br /> <br /> TSW-x70 <br /> TSW-x60 <br /> TST-1080<br /> AM-3000/3100/3200<br /> Soundbar VB70<br /> HD-PS622/621/402<br /> HD-TXU-RXU-4kZ-211<br /> HD-MDNXM-4KZ-E<br /> <br /> *Note: additional firmware updates will be published once made available

Impact

Vector 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS v4.0 Severity and Metrics:

Base Score: 8.60 HIGH
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Attack Vector (AV): Network
Attack Complexity (AC): Low
Attack Requirements (AT): None
Privileges Required (PR): High
User Interaction (UI): None
Confidentiality (VC): High
Integrity (VI): High
Availability (VA): High
Confidentiality (SC): None
Integrity (SI): None
Availability (SA): None

Base Score 4.0
8.60
Severity 4.0
HIGH

References to Advisories, Solutions, and Tools