Crestron xpanel port


This post describes CVE-2018-5553, a vulnerability in the Crestron Console service that is preinstalled on the DGE-100. Due to a lack of input sanitization, this service is vulnerable to command injection that can be used to gain root-level access. CVE-2018-5553 is categorized as CWE-78 (Improper Neutralization of Special Elements used in an OS Command), and has a base CVSSv3 score of 9.8 (Critical).

The Crestron Digital Graphics Engine 100 (DGE-100) is a hardware controller used to connect a touchscreen interface (commonly, a Crestron TSD-2220 HD touchscreen display) to external sources over HDMI, USB, or Ethernet. Crestron Electronics distributes this device globally. The typical installation is a corporate meeting space or control room. More information about the device is available at the vendor's website.

DGE-100 devices running firmware versions 1.3384.00049.001 and lower with default configuration are vulnerable to CVE-2018-5553. Users should update their DGE-100 devices to the latest firmware version available here.
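To check an asset inventory against the affected range stated above, the following added example (not code from the original post or from Crestron) classifies DGE-100 firmware strings. It assumes firmware versions are four dot-separated numeric fields compared left to right with leading zeros as padding; the hostnames and all sample versions other than 1.3384.00049.001 are constructed.

```python
# Added example: triage DGE-100 firmware strings against the CVE-2018-5553 range.
# Assumption: versions are four numeric fields, compared field by field.
LAST_AFFECTED = "1.3384.00049.001"  # from the text: this version and lower


def parse_fw(version):
    """Return the version as a tuple of ints, or None if it is malformed."""
    parts = version.strip().split(".")
    if len(parts) != 4:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version):
    """Return 'affected', 'not-affected' or 'unknown' for one firmware string."""
    fw = parse_fw(version)
    if fw is None:
        # Unparsable values are surfaced for manual review, never assumed safe.
        return "unknown"
    return "affected" if fw <= parse_fw(LAST_AFFECTED) else "not-affected"


def triage(inventory):
    """Map each host to its status; unknown entries are kept, not dropped."""
    return {host: classify(fw) for host, fw in inventory}


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE = [
    ("dge-room-a", "1.3384.00049.001"),  # boundary version named in the text
    ("dge-room-b", "1.3384.00048.010"),  # lower third field
    ("dge-room-c", "1.3400.00002.001"),  # higher second field
    ("dge-room-d", "1.3384.49"),         # truncated string from a bad export
    ("dge-room-e", ""),                  # version never collected
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

A device reported as affected is only vulnerable as described if it also runs the default configuration, so the result is a starting list for review and patching.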
