← back
CVE-2019-7256

CVE-2019-7256

CVSS 9.8 CRITICALEPSS 97.1%● KEVCWE-78
In short

Linear eMerge E3-Series devices allow attackers to inject and execute arbitrary system commands, potentially giving complete control over the device and the access systems it manages.

Technical detail

Command injection vulnerability in Linear eMerge E3-Series devices allows unauthenticated remote attackers to inject arbitrary OS commands via improperly sanitized input parameters. Exploitation results in arbitrary code execution with device privileges, compromising authentication and access control systems.

Summary generated and translated by AI from the official description.
Linear eMerge E3-Series devices allow Command Injections.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found5
cve_referencepacketstormsecurity.com/files/155255/Linear-eMerge-E3-1.00-06-card_scan.php-Command-Injection.htmlunverifiedcve_referencepacketstormsecurity.com/files/155256/Linear-eMerge-E3-1.00-06-card_scan_decoder.php-Command-Injection.htmlunverifiedcve_referencepacketstormsecurity.com/files/155272/Linear-eMerge-E3-Access-Controller-Command-Injection.htmlunverifiedcve_referencepacketstormsecurity.com/files/170372/Linear-eMerge-E3-Series-Access-Controller-Command-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/47619unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/155255/Linear-eMerge-E3-1.00-06-card_scan.php-Command-Injection.htmlhttp://packetstormsecurity.com/files/155256/Linear-eMerge-E3-1.00-06-card_scan_decoder.php-Command-Injection.htmlhttp://packetstormsecurity.com/files/155272/Linear-eMerge-E3-Access-Controller-Command-Injection.htmlhttp://packetstormsecurity.com/files/170372/Linear-eMerge-E3-Series-Access-Controller-Command-Injection.htmlhttps://applied-risk.com/labs/advisorieshttps://www.applied-risk.com/resources/ar-2019-005https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7256