All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2019-3929
NONEKEVpublish date unavailable
CVSS / 10
// description
Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
// required action (CISA KEV)
Apply updates per vendor instructions.
added 2022-04-15 00:00 UTC