CVE-2019-3929: Crestron Multiple Products Command Injection Vulnerability.
Crestron Multiple Products Command Injection Vulnerability. Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
- CISA KEV-listed (remediation due 2022-05-06)
- EPSS 94.3% (99.9% percentile)