CVE-2018-10630
First published: Thu Aug 09 2018(Updated: )
For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Crestron Tsw-x60 Firmware | <2.001.0037.001 | |
| Crestron Tsw-1060-b-s | ||
| Crestron Tsw-1060-nc-b-s | ||
| Crestron Tsw-1060-nc-w-s | ||
| Crestron Tsw-1060-w-s | ||
| Crestron Tsw-560-b-s | ||
| Crestron Tsw-560-nc-b-s | ||
| Crestron Tsw-560-nc-w-s | ||
| Crestron Tsw-560-w-s | ||
| Crestron Tsw-760-b-s | ||
| Crestron Tsw-760-nc-b-s | ||
| Crestron Tsw-760-nc-w-s | ||
| Crestron Tsw-760-w-s | ||
| Crestron Mc3 Firmware | <1.502.0047.001 | |
| Crestron Mc3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-10630?
CVE-2018-10630 is a vulnerability in Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001.
What is the severity of CVE-2018-10630?
CVE-2018-10630 has a severity rating of 9.8 (critical).
How does CVE-2018-10630 affect Crestron TSW-X60?
CVE-2018-10630 affects Crestron TSW-X60 devices with version prior to 2.001.0037.001 by leaving the access to the CTP console open when compromised.
How does CVE-2018-10630 affect Crestron MC3?
CVE-2018-10630 affects Crestron MC3 devices with version prior to 1.502.0047.001 by leaving the access to the CTP console open when compromised.
How can I fix CVE-2018-10630?
To fix CVE-2018-10630, users need to enable authentication on Crestron TSW-X60 devices with version prior to 2.001.0037.001 and MC3 devices with version prior to 1.502.0047.001.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/crestron
- canonical/crestron tsw-x60 firmware
- canonical/crestron tsw-1060-b-s
- canonical/crestron tsw-1060-nc-b-s
- canonical/crestron tsw-1060-nc-w-s
- canonical/crestron tsw-1060-w-s
- canonical/crestron tsw-560-b-s
- canonical/crestron tsw-560-nc-b-s
- canonical/crestron tsw-560-nc-w-s
- canonical/crestron tsw-560-w-s
- canonical/crestron tsw-760-b-s
- canonical/crestron tsw-760-nc-b-s
- canonical/crestron tsw-760-nc-w-s
- canonical/crestron tsw-760-w-s
- canonical/crestron mc3 firmware
- canonical/crestron mc3