5.9
CVE-2025-47416
- EPSS 0.08%
- Published 09.09.2025 13:52:45
- Last modified 09.09.2025 16:28:43
- Source 25b0b659-c4b4-483f-aecb-067757
- Teams watchlist Login
- Open Login
A vulnerability exists in the ConsoleFindCommandMatchList function in libsymproc. so imported by ctpd that may lead to unauthorized execution of an attacker-defined file that gets prioritized by the ConsoleFindCommandMatchList. A third-party researcher discovered that the ConsoleFindCommandMatchList enumerates the /dev/shm/symproc/c directory in alphabetical order to identify console commands. Permission levels are inferred from the integer values present in each command's file name. Confirmed Affected Hardware: TSW-760, TSW-1060 Confirmed Affected Firmware: 3.002.1061 Fixed Firmware: no fixed released (product is discontinued and end of life) For x70 The Affected Firmware:- 3.000.0110.001 and versions below The Fixed Firmware:- 3.001.0031.001
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorCRESTRON
≫
Product
TOUCHSCREEN x70
Default Statusunaffected
Version <
3.001.0031.001
Version
3.000.0110.001
Status
affected
VendorCRESTRON
≫
Product
Touchscreen x60s
Default Statusunaffected
Version
3.002.1061
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.249 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| 25b0b659-c4b4-483f-aecb-067757d23ef3 | 5.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-697 Incorrect Comparison
The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.