CVE-2025-47421— Privilege escalation via SCP login
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-47421
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Privilege escalation via SCP login
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection.This issue affects TOUCHSCREENS x70: from 3.001.0031.001 through 3.001.0034.001. A specially crafted SCP command sent via SSH login string can lead a valid administrator user to gain Privileged Operating System access on the device. Following Products Models are affected: TSW-x70 TSW-x60 TST-1080 AM-3000/3100/3200 Soundbar VB70 HD-PS622/621/402 HD-TXU-RXU-4kZ-211 HD-MDNXM-4KZ-E *Note: additional firmware updates will be published once made available
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
参数注入或修改
Source: NVD (National Vulnerability Database)
Vulnerability Title
CRESTRON TOUCHSCREENS x70 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CRESTRON TOUCHSCREENS x70是美国CRESTRON公司的一款交互触摸显示器。 CRESTRON TOUCHSCREENS x70 3.001.0031.001至3.001.0034.001版本存在安全漏洞,该漏洞源于参数分隔符中和不当,可能导致参数注入攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| CRESTRON | TOUCHSCREENS x70 | 3.001.0031.001 ~ 3.001.0034.001 | - |
II. Public POCs for CVE-2025-47421
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-47421
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same weakness: CWE-88
- CVE-2026-45181
IDA Pro 9.2/9.3插件目录代码注入漏洞 - CVE-2026-42601
ArchiveBox Vulnerable to RCE via unvalidated per-crawl confi - CVE-2026-43941
Unvalidated shell.openExternal in electerm allows arbitrary - CVE-2026-42284
GitPython: Unsafe option check validates multi_options befor - CVE-2026-40281
Gotenberg vulnerable to argument injection via newlines in E
V. Comments for CVE-2025-47421
No comments yet