Security
Report a Vulnerability

Security at Crestron

Thousands of companies across hundreds of industries, government agencies, universities, and more have standardized on Crestron products. They trust and rely on Crestron to make their lives simpler and work/ education environments secure. Central to that success is Crestron's unwavering commitment to network security. Simply put, "If it's on the network, it must be secure." Clients need to know who and what is on their network.

Our Process

A secure system, of course, doesn't just happen. There are large number of considerations that need to be accounted for throughout the development process. Crestron allocates and dedicates resources to define the problem spaces and document the appropriate solutions.

Step 1 - Identifying risks that are applicable to the systems and identifying assumptions about the operating environment.

Step 2 - All source code is reviewed to ensure not only proper functionality, but also conformance to security guidelines.

Step 3 - Source code is subjected to scans using automated tools that review code for common errors and security holes.

Step 4 - A rigorous testing process is in place once the software/firmware is compiled and loaded into systems. Each night, the latest code is built and automated tests are run to ensure system stability. Included in these tests are standard network scanning tools to ensure there are no unauthorized ports, etc. which have been open.

Providing network security at the product level.

Enterprise IT departments categorize devices that don't support these features as a security risk.

  • AES Encryption - Ensures secure transmissions. The same protocol banks use to protect transactions on the Internet.
  • 802.1x Authentication - Ensures that every device on the network is explicitly authorized by the IT department.
  • Active Directory® - Centralized credential management ensures that only authorized users gain access.
  • NIAP & JITC Certifications - Crestron products have received approval by the Joint Interoperability Test Command (JITC) of the U.S. Department of Defense Information Systems Agency (DISA) and have been added to the Unified Capabilities (UC) Approved Products List (APL). Additionally, Crestron offers products that are NIAP/Common Criteria certified, ensuring they meet rigorous security standards.
  • PKI Authentication - Required when simple passwords are inadequate to confirm the identity of the parties involved in a particular action or communication, and to validate the information being transferred.
  • TLS - The most widely used security protocol, TLS provides privacy and data integrity between two applications communicating over a network.
  • SSH Network Protocol - Encrypts and protects communications, whereas Telnet, used in other Network AV products, does not.
  • HTTPS - The secure version of HTTP, HTTPS encrypts the data sent between your web browser and the website you're connected to, ensuring the privacy and integrity of the exchanged data. The "S" at the end of HTTPS stands for "Secure."
  • Secure CIP - Ensures communications between Crestron control processors and DM NVX devices are secure.

Resources & Documentation

Updated: 4/24/2025

The documents below describe in-depth the steps needed to secure a Crestron installation. These documents assume the reader has a basic understanding of security functions and protocols.

Security Reference Guide: Crestron Videobar 70
Security Reference Guide: DGE-1000
Security Reference Guide: IV-SAM-VX2 Series
Security Reference Guide: ZUM-HUB4
Security Reference Guide: TSS-470E
Security Reference Guide: TST-1080
Security Reference Guide: IV-SAM-VXN-1B, IV-SAM-VXP-1B, and IV-SAM-VXS-1B
Security Reference Guide: TS-70 and TSW-70 Series Touch Screens
Security Reference Guide: HTML5 Web XPanel
Security Reference Guide: Crestron Fusion® Cloud Service Software Application
Security Reference Guide: Crestron Residential Systems
Security Reference Guide: DM NVX® and DM NAX® AV-over-IP Distribution Systems
Security Reference Guide: 3-Series® Control Systems
Security Reference Guide: Crestron System Architecture
Security Reference Guide: Crestron Touch Screens
Security Reference Guide: Crestron XiO Cloud® Service
Security Reference Guide: SSL Multi-Domain Certificate and 3-Series
Security Reference Guide: IP Guidelines for the IT Professional
Security Reference Guide: AirMedia® Presentation Gateway Deployment
Security Reference Guide: Crestron Flex UC-ENGINE
Security Reference Guide: Crestron Flex Care Cloud Connect Service
Security Reference Guide: 4-Series® Control Systems
Security Reference Guide: Crestron Flex Phones
Security Reference Guide: Crestron Go App
Security Reference Guide: Crestron Virtual Control Server Software

Crestron Toolbox Help Files

Security Audit Tool
Authentication
SSL Management
802.1X / Certificate Deployment

MyCrestron.com

Dynamic DNS Service

Support

Crestron Support Center
Report a Product Vulnerability
Control Subnet - Getting Started & NAT / Port Mapping (OLH 1000110; 6/26/18)
Enable Authentication Example Script

Additional Resources

JITC Certified Products
Compliance Documentation
Accessibility Conformance Information

Security Advisories

Vulnerability:

CVE-2025-27840 Espressif ESP32 chips

Updated Date:

5/8/2025 12:00:00 AM

Threat:

CVE-2025-27840 is a vulnerability found in Espressif ESP32 chips. This vulnerability allows for 29 hidden HCI (Host Controller Interface) commands, such as the command 0xFC02, which can write to memory. These hidden commands are not part of the official documentation and can provide deep access to the chip's memory, flash, and Bluetooth internals. 

The vulnerability has a CVSS (Common Vulnerability Scoring System) score of 6.8 [CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L], which is considered medium severity. It requires physical access to exploit [AV:P], meaning it cannot be exploited remotely via Bluetooth. The hidden functionality is categorized under CWE-912, which refers to hidden functionality that is not documented or accessible through obvious interfaces. 

Identifier:

This vulnerability has been classified as CVE-2025-27840.

 

How is Crestron Affected:

The DSS-100 device uses ESP32-WROVER-E-N8R8 chip and uses it for BLE communication, and is part of the base ESP32 family and is affected by this issue 

The DSS-100 uses Bluetooth only during setup of the Wi-Fi network and disables Bluetooth once that is complete. This limits exposure considerably.  

The DSS-100 does not run in “host mode” and Crestron disables the serial port, so the only way to exploit the issue is to compromise the system at the kernel/driver level. If an attacker already has this level of access to the device, then the debug commands in this vulnerability will not further compromise it.  

The CVE-2025-27840 can be exploited only via physical serial communication to the esp32 chip. The UART serial ports on the DSS-100 board do not provide access to the esp32 chip.  

In conclusion, there is no clear way for an actual exploit to occur on the DSS-100 without an attacker already having more access than the exploit itself will provide. 

Resources:

ESP32 updated firmware is awaited which removes access to these commands at the lowest level, which will prevent using these debug commands even in “host mode”.  
Powered by Translations.com GlobalLink Web SoftwarePowered by GlobalLink Web