Rapid7 researchers disclosed a command injection vulnerability that can be exploited to gain root-level access to the Crestron console service and allow adversaries to control commands that are being executed on the system. The vulnerability, CVE-2018-5553, is considered critical, having a base CVSSv3 scored of 9.8. Crestron Electronics said it took immediate action to create updates to remediate this concern and has no evidence of any customers being impacted by the issue”]
Source: https://www.csoonline.com/article/3281384/crestron-console-service-has-critical-vulnerability.html