← ExploitWatch
HomeExploited Vulnerabilities

CVE-2019-3929 — Actively Exploited: Multiple Products (Crestron)

Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

CVE IDCVE-2019-3929
VendorCrestron
ProductMultiple Products
Vulnerability nameCrestron Multiple Products Command Injection Vulnerability
Date added2022-04-15
Remediation due2022-05-06
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionMultiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →