CVE-2024-9441

Linear eMerge e3-Series Forgot Password Command Injection

CVSS 9.8 CRITICALEPSS 53.7%CWE-78

The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Linear · eMerge e3-Series

public PoCs found — 4

githubgithub.com/p33d/CVE-2024-9441★ 6 githubgithub.com/adhikara13/CVE-2024-9441★ 2 githubgithub.com/jk-mayne/CVE-2024-9441-Checker★ 0 cve_referencessd-disclosure.com/ssd-advisory-nortek-linear-emerge-e3-pre-auth-rce/unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://ssd-disclosure.com/ssd-advisory-nortek-linear-emerge-e3-pre-auth-rce/https://vulncheck.com/advisories/linear-emerge-forgot-password