If you suspect that you have discovered a security vulnerability in a supported Crestron product, please let us know by filling out the form below. The Crestron Security Team will respond to and investigate your report.
However, before you report a vulnerability, please review the following information.
-
Is this problem a vulnerability or a technical support inquiry?
A vulnerability is generally defined as a flaw which would allow a bad actor to gain access to information or capabilities which they would otherwise not be authorized. Many security features of Crestron products require configuration both on the Crestron device and potentially of network services.
To ensure that your product is properly configured please see the guides on the
Resources & Documentation tab above.
If you need assistance to configure and use security features, please contact us via the
Crestron Support Center. The Crestron Security Team cannot provide technical support.
-
How will Crestron handle my report?
Crestron does not disclose, discuss, or confirm security issues until we have completed our investigation and any necessary updates are generally available.
Crestron uses the Security Advisory page to publish information about security fixes in our products.
-
Please ensure that the following information is included.
- The specific product and software/firmware versions which you believe are affected.
- A description of the observed and expected behavior.
- Any information about how the product and environment are configured.
- A list of steps necessary to reproduce the issue.
- If you are reporting a concern regarding the results of an automated scan, please
include the original scan results.
You will receive an automated email response when your report has been received. Please respond to this email if any further correspondence on the issue is required. Filling out the form below will register you to receive subsequent status updates when available regarding the reported vulnerability.