Vulnerability Description
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection.This issue affects TOUCHSCREENS x70: from 3.001.0031.001 through 3.001.0034.001. A specially crafted SCP command sent via SSH login string can lead a valid administrator user to gain Privileged Operating System access on the device. Following Products Models are affected: TSW-x70 TSW-x60 TST-1080 AM-3000/3100/3200 Soundbar VB70 HD-PS622/621/402 HD-TXU-RXU-4kZ-211 HD-MDNXM-4KZ-E *Note: additional firmware updates will be published once made available
Related Weaknesses (CWE)
References
- https://https://www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-T
- https://https://www.crestron.com/release_notes/tsw-xx70_3.002.0040.001_release_n
- https://security.crestron.com
FAQ
What is CVE-2025-47421?
CVE-2025-47421 is a documented vulnerability. Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection.This issue affects TOUCHSCREENS x70: from 3.001....
How severe is CVE-2025-47421?
CVSS scoring is not yet available for CVE-2025-47421. Check NVD for updates.
Is there a patch for CVE-2025-47421?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.