CVE-2018-11228

Published: 08/06/2018 | Updated: 02/05/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 891
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices prior to 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP).

Vulnerable Product

crestron crestron_toolbox_protocol_firmware

Github Repositories

Tool to exploit CVE-2018-13341 and recover hidden account password on Crestron devices

crestron_getsudopwd: Based on Ricky Lawshae's discovery on Crestron TSW-X60 and MC3 devices, this tool aims to exploit CVE-2018-13341. Using the MAC address of the targeted device, you can recover the password of the "crengsuperuser" hidden account, which has elevated privileges and allows you to run SUDO commands. Description: On Crestron TSW-X60 < 2001003700

This tool aims to exploit CVE-2018-13341

CVE-2018-13341: This tool aims to exploit CVE-2018-13341. By using the MAC address of the targeted device, you can recover the password of the "crengsuperuser" hidden account, which has elevated privileges and allows you to run SUDO commands. The Crestron Toolbox Protocol (CTP) can be connected to by accessing port 41795 on the TSW-XX60 device: # nc -C wxyz 41795