CVE-2019-3929
Crestron Multiple Products Command Injection Vulnerability
CVSS
—
No CVSS
EPSS
99.0%
p100
KEV
YES
Apr 15, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
99.0%EPSS · 30 days99.0%
2026-06-302026-07-16
Product
Crestron / Multiple Products
Vulnerability
Crestron Multiple Products Command Injection Vulnerability
Added to KEV
Apr 15, 2022
Remediate by
May 6, 2022
Known ransomware use
No
Summary description
Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-3929
No related CVEs by CWE or product.