CVE-2018-10630

CVSS v3 base score: 9.8 CRITICAL

📋 TL;DR

Crestron TSW-X60 touch screens and MC3 control systems ship with authentication disabled by default and do not prompt the user to turn it on, so the Crestron Terminal Protocol (CTP) console (TCP 41795) accepts connections without credentials. Anyone who can reach the console over the network can read and change the device configuration. Affected: TSW-X60 firmware before 2.001.0037.001 and MC3 firmware before 1.502.0047.001 on devices where authentication has not been enabled manually.

💻 Affected Systems

Products:
  • Crestron TSW-X60
  • Crestron MC3
Versions: TSW-X60 prior to 2.001.0037.001, MC3 prior to 1.502.0047.001
Operating Systems: Embedded Crestron OS
Default Config Vulnerable: ⚠️ Yes
Notes: Devices ship with authentication disabled by default with no user notification about this security risk.

📦 What is this software?

Crestron makes commercial AV and building-control equipment. The TSW-X60 series (TSW-560, TSW-760, TSW-1060) are networked touch screens used for room and building control; the MC3 is a compact 3-Series control processor that runs the control program for a room or building. Both are administered through a web interface, the Crestron Toolbox desktop application, and a text console that speaks the Crestron Terminal Protocol (CTP) on TCP 41795. Control traffic between Crestron devices uses CIP on TCP/UDP 41794.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full control of the device and, through it, of the building automation, AV, lighting, door or camera systems it drives. An attacker at the console can change configuration, disrupt control programs and use the device as a foothold on the control network.

🟠

Likely Case

Unauthorized access to the device configuration and control interfaces, enabling surveillance of what the device controls, theft of configuration data (including credentials for connected systems) and disruption of automated functions.

🟢

If Mitigated

Minimal impact if authentication is enabled with strong credentials and the console ports are reachable only from management hosts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation needs no credentials, no special tooling and no exploit code: the attacker opens a TCP connection to the CTP console (port 41795) with a terminal client or Crestron Toolbox and is dropped at a command prompt.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: TSW-X60: 2.001.0037.001 or later, MC3: 1.502.0047.001 or later

Vendor Advisory: https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01

Restart Required: Yes

Instructions:

1. Download the firmware update from the Crestron support portal.
2. Apply the update via the device web interface or Crestron Toolbox.
3. Reboot the device.
4. Enable authentication in the device settings and set a strong administrator password; confirm it is enforced rather than assuming the update turned it on.

🔧 Temporary Workarounds

Enable Authentication (applies to: all versions)

Manually enable authentication on affected devices immediately and set a strong administrator password; this closes the unauthenticated console even before the firmware is updated.

Network Segmentation (applies to: all versions)

Isolate Crestron devices on a separate VLAN; permit TCP 41795 (CTP console) and 41794 (CIP) only from the management hosts and control processors that need them, and never from the internet.

🧯 If You Can't Patch

  • Immediately enable authentication in the device settings and set a strong administrator password
  • Keep the devices off the internet and restrict access to TCP 41794/41795 to trusted management IPs only

🔍 How to Verify

Check if Vulnerable:

Connect to TCP 41795 on the device with a terminal client (or the Text Console in Crestron Toolbox). If you land at a command prompt without being asked to log in, the console is unauthenticated and the device is exposed regardless of firmware version.

Check Version:

Read the firmware version from the device web interface or from Crestron Toolbox; the console `ver` command also reports it.

Verify Fix Applied:

Both conditions must hold: the firmware is TSW-X60 2.001.0037.001 or later / MC3 1.502.0047.001 or later, and a fresh connection to the CTP console prompts for credentials before it accepts any command.
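The two checks above, combined into one assessment, as an added example that is not part of the advisory or Crestron's tooling. The fixed versions come from ICSA-18-221-01; the prompt words in LOGIN_MARKERS are an assumption about how the console asks for credentials, and the sample greetings and `ver` output are constructed rather than captured from real devices.

```python
"""Added example, not Crestron's code or the advisory's: decide whether a
TSW-X60 or MC3 is exposed to CVE-2018-10630 from its firmware version and
from what the CTP console (TCP 41795) sends before any command is typed.

Labelled assumptions: fixed versions are from ICSA-18-221-01; LOGIN_MARKERS
is a guess at how the console words its credential prompt; the sample
greetings and `ver` output below are constructed, not captured.
"""
import re
import socket

# Minimum fixed firmware per product family (from the advisory).
FIXED_VERSIONS = {
    "TSW-X60": "2.001.0037.001",
    "MC3": "1.502.0047.001",
}

# Assumption: an authentication-enabled console asks for one of these
# before it shows a command prompt.
LOGIN_MARKERS = ("login", "password", "username")

VERSION_RE = re.compile(r"\d+(?:\.\d+){3}")


def parse_version(text):
    """Extract the four-part firmware version from a bare string or a full
    `ver` response, e.g. '2.001.0037.001' -> (2, 1, 37, 1)."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no four-part firmware version in {text!r}")
    return tuple(int(part) for part in m.group(0).split("."))


def version_is_vulnerable(product, version_text):
    """True when the running firmware is older than the fixed release."""
    return parse_version(version_text) < parse_version(FIXED_VERSIONS[product])


def console_requires_auth(greeting):
    """True if the console demanded credentials, False if it went straight to a
    prompt, None if it sent nothing at all (then the check is inconclusive,
    which must not be read as a pass)."""
    if not greeting.strip():
        return None
    lowered = greeting.lower()
    return any(marker in lowered for marker in LOGIN_MARKERS)


def assess(product, version_text, greeting):
    """Combine both signals. A patched device with authentication still off is
    as exposed as an unpatched one; an unpatched device with authentication on
    is not exposed to this CVE but still needs the update."""
    auth = console_requires_auth(greeting)
    old = version_is_vulnerable(product, version_text)
    if auth is None:
        return "unknown-no-greeting"
    if not auth:
        return "exposed-unpatched" if old else "exposed-auth-off"
    return "auth-on-update-needed" if old else "ok"


def grab_ctp_greeting(host, port=41795, timeout=5.0):
    """Live helper (not exercised by the constructed samples): connect to the
    CTP console and return whatever it sends before we type anything."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        try:
            while True:
                data = sock.recv(4096)
                if not data:
                    break
                chunks.append(data)
        except socket.timeout:
            pass  # device stopped talking; what we have is the greeting
    return b"".join(chunks).decode("ascii", "replace")


# Constructed samples, not captured from real devices; the `ver` layout is
# approximate and only the dotted version inside it matters to the parser.
SAMPLE_OPEN_CONSOLE = "\r\nTSW-760 Console\r\n\r\nTSW-760>"
SAMPLE_AUTH_CONSOLE = "\r\nTSW-760 Console\r\n\r\nLogin: "
SAMPLE_VER_OUTPUT = "TSW-760 [v2.001.0035.001 (Jun 14 2018), #00012345]"

if __name__ == "__main__":
    print(assess("TSW-X60", SAMPLE_VER_OUTPUT, SAMPLE_OPEN_CONSOLE))
    print(assess("TSW-X60", "2.001.0037.001", SAMPLE_OPEN_CONSOLE))
    print(assess("MC3", "1.502.0047.001", SAMPLE_AUTH_CONSOLE))
```

Against a real device, feed `grab_ctp_greeting(host)` and the version read from Toolbox or the web interface into `assess`. Treat `unknown-no-greeting` as unresolved and retry interactively rather than marking the device clean.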

📡 Detection & Monitoring

Log Indicators:

  • Console sessions on the device that are not tied to a logged-in user
  • Configuration changes with no corresponding authentication record

Network Indicators:

  • Connections to TCP 41795 (CTP console) or 41794 (CIP) from hosts other than the designated management workstations and control processors
  • Any connection to those ports from the internet

SIEM Query:

Firewall and flow logs cannot see whether a CTP session authenticated, so filter on the source instead of an auth flag:

dest_port IN (41794, 41795) AND NOT src_ip IN (<management host allow-list>)
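The query above run over sample log lines, as an added example that is not part of the advisory or any vendor's tooling. The key=value line format, the addresses and the management allow-list are constructed placeholders; the port roles (41794 CIP, 41795 CTP) are Crestron's.

```python
"""Added example, not from the advisory or Crestron: triage firewall/flow
export lines for sessions to the Crestron control ports from hosts that have
no business managing the devices.

Labelled assumptions: the key=value line format and every address below are
constructed for the example and match no vendor's real export; the
management allow-list is a placeholder to replace with your own.
"""
import re
from ipaddress import ip_address, ip_network

CRESTRON_PORTS = {41794: "CIP", 41795: "CTP"}

# Placeholder allow-list: subnets that may legitimately reach the ports
# (AV admin workstations, the device/control-processor VLAN itself).
MANAGEMENT_ALLOWLIST = [ip_network("10.0.9.0/24"), ip_network("10.0.50.0/24")]

# Constructed sample export: timestamp followed by key=value pairs.
SAMPLE_LOG = """\
2018-08-09T10:01:02Z action=allow proto=tcp src=10.0.9.12 dst=10.0.50.21 dport=41795
2018-08-09T10:01:05Z action=allow proto=tcp src=10.0.5.77 dst=10.0.50.21 dport=41795
2018-08-09T10:01:09Z action=allow proto=tcp src=10.0.5.77 dst=10.0.50.21 dport=80
2018-08-09T10:01:40Z action=allow proto=tcp src=10.0.50.30 dst=10.0.50.21 dport=41794
2018-08-09T10:02:11Z action=allow proto=tcp src=198.51.100.4 dst=10.0.50.22 dport=41794
2018-08-09T10:02:30Z action=deny proto=tcp src=203.0.113.9 dst=10.0.50.22 dport=41795
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split one export line into its timestamp and key=value fields."""
    ts, _, rest = line.partition(" ")
    fields = dict(FIELD_RE.findall(rest))
    fields["ts"] = ts
    return fields


def is_management_host(ip_text):
    """True if the source falls inside one of the allow-listed networks."""
    addr = ip_address(ip_text)
    return any(addr in net for net in MANAGEMENT_ALLOWLIST)


def triage(log_text):
    """Return (alerts, probes). Alerts are completed sessions to a Crestron
    port from a non-allow-listed source and need investigation now; probes
    are blocked attempts, useful for spotting scanning but already contained."""
    alerts, probes = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        f = parse_line(line)
        port = int(f.get("dport", "0"))
        if port not in CRESTRON_PORTS:
            continue
        if is_management_host(f["src"]):
            continue
        event = {"ts": f["ts"], "src": f["src"], "dst": f["dst"],
                 "port": port, "service": CRESTRON_PORTS[port]}
        (alerts if f.get("action") == "allow" else probes).append(event)
    return alerts, probes


if __name__ == "__main__":
    found_alerts, found_probes = triage(SAMPLE_LOG)
    for a in found_alerts:
        print("ALERT", a["ts"], a["src"], "->", a["dst"], a["service"])
    for p in found_probes:
        print("probe", p["ts"], p["src"], "->", p["dst"], p["service"])
```

On the constructed sample this raises alerts for the workstation on 10.0.5.77 reaching the console and for the internet host reaching CIP, and records the blocked 203.0.113.9 connection as a probe. The allow-list is the whole signal here: a permitted CTP session looks identical to an attacker's on the wire, which is why the page's `auth_success` field has no counterpart in firewall data.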

🔗 References

  • ICS-CERT advisory ICSA-18-221-01: https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2018-10630