High severityNVD Advisory· Published Sep 3, 2025· Updated Apr 15, 2026
CVE-2025-47421
CVE-2025-47421
Description
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection.This issue affects TOUCHSCREENS x70: from 3.001.0031.001 through 3.001.0034.001.
A specially crafted SCP command sent via SSH login string can lead a valid administrator user to gain Privileged Operating System access on the device.
Following Products Models are affected:
TSW-x70 TSW-x60 TST-1080 AM-3000/3100/3200 Soundbar VB70 HD-PS622/621/402 HD-TXU-RXU-4kZ-211 HD-MDNXM-4KZ-E
*Note: additional firmware updates will be published once made available
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: >=3.001.0031.001 <=3.001.0034.001
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.