Published: 02/07/2019 Updated: 26/03/2024

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9

VMScore: 892

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Linear eMerge E3-Series devices allow Command Injections.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nortekcontrol linear_emerge_essential_firmware
nortekcontrol linear_emerge_elite_firmware

Critical Infrastructure Sectors: Commercial Facilities

Linear eMerge E3 versions 100-06 and below unauthenticated command injection remote root exploit that leverages card_scanphp ...

Linear eMerge E3 versions 100-06 and below unauthenticated command injection remote root exploit that leverages card_scan_decoderphp ...

This Metasploit module exploits a command injection vulnerability in the Linear eMerge E3-Series Access Controller The Linear eMerge E3 versions 100-06 and below are vulnerable to unauthenticated command injection in card_scan_decoderphp via the No and door HTTP GET parameter Successful exploitation results in command execution as the root user ...

CWE-78 https://applied-risk.com/labs/advisories https://www.applied-risk.com/resources/ar-2019-005 http://packetstormsecurity.com/files/155255/Linear-eMerge-E3-1.00-06-card_scan.php-Command-Injection.html http://packetstormsecurity.com/files/155256/Linear-eMerge-E3-1.00-06-card_scan_decoder.php-Command-Injection.html http://packetstormsecurity.com/files/155272/Linear-eMerge-E3-Access-Controller-Command-Injection.html http://packetstormsecurity.com/files/170372/Linear-eMerge-E3-Series-Access-Controller-Command-Injection.html https://nvd.nist.gov https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01

CVE-2019-7256

Vulnerability Summary

Vulnerability Trend

ICS Advisories

Exploits

References

Vulmon Search

About

Products

Connect