CVE-2026-7865— Hidden Console Command
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-7865
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Hidden Console Command
Source: NVD (National Vulnerability Database)
Vulnerability Description
A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with authenticated access to SSH console of Crestron devices may use to run underlying OS commands.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
参数注入或修改
Source: NVD (National Vulnerability Database)
Vulnerability Title
Crestron Touchpanels 参数注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Crestron Touchpanels是美国Crestron公司的一系列用于企业会议室调度、视听系统控制以及智能建筑自动化的智能网络触摸屏设备。 Crestron Touchpanels存在参数注入漏洞,该漏洞源于隐藏控制台命令在传递控制字符时存在命令注入缺陷,可能导致经过身份验证的攻击者通过SSH控制台访问运行底层操作系统命令。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Crestron Electronics | Touchpanels (x60/x70) | 3.002.0043.001 ~ 3.003.0015.001 | - |
II. Public POCs for CVE-2026-7865
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-7865
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same weakness: CWE-88
- CVE-2026-45181
IDA Pro 9.2/9.3插件目录代码注入漏洞 - CVE-2026-42601
ArchiveBox Vulnerable to RCE via unvalidated per-crawl confi - CVE-2026-43941
Unvalidated shell.openExternal in electerm allows arbitrary - CVE-2026-42284
GitPython: Unsafe option check validates multi_options befor - CVE-2026-40281
Gotenberg vulnerable to argument injection via newlines in E
V. Comments for CVE-2026-7865
No comments yet