Primary

Context

Crestron Touch Panels ConsoleFindCommandMatchList Vulnerability Allowing Unauthorized File Execution

Vulnerability

A vulnerability in the ConsoleFindCommandMatchList function of libsymproc.so, imported by ctpd, has been identified in certain Crestron touch panels. This vulnerability may allow unauthorized execution of a file defined by an attacker, based on how the ConsoleFindCommandMatchList prioritizes file enumeration. The affected touch panels include the TSW-760 and TSW-1060 models, running firmware versions 3.002.1061, 3.000.0110.001, and earlier versions of 3.000.0110.001 for the x70 series.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of files, potentially allowing attackers to execute malicious commands or scripts on the affected device.

Added: Sep 9, 2025, 2:18 PM

Updated: Sep 9, 2025, 4:47 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

7.5

exploitability

3.5

remediation

0.0

relevance

0.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

7.5

exploitability

3.5

remediation

0.0

relevance

0.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Crestron Touch Panels ConsoleFindCommandMatchList Vulnerability Allowing Unauthorized File Execution

Vulnerability

Impact

Affected Products

Crestron TSW-760

Crestron TSW-1060

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating