CVE-2019-7254
HIGH EXPLOITED NUCLEILinear eMerge E3-Series - Path Traversal
Title source: llmExploitation Summary
CVE-2019-7254 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including LiquidWorm. A Nuclei detection template is also available.
AI-analyzed exploit summary This exploit demonstrates an unauthenticated directory traversal vulnerability in eMerge E3 1.00-06, allowing an attacker to read arbitrary files (e.g., /etc/passwd) via path traversal sequences in HTTP GET requests.
Description
Linear eMerge E3-Series devices allow File Inclusion.
Exploits (2)
This exploit demonstrates an unauthenticated directory traversal vulnerability in eMerge E3 1.00-06, allowing an attacker to read arbitrary files (e.g., /etc/passwd) via path traversal sequences in HTTP GET requests.
This exploit demonstrates a privilege escalation vulnerability in eMerge E3 1.00-06 by sending a crafted POST request to update a user's role to administrator (UserRole=1). It also includes a disclosure request to list users, confirming the escalation.
Nuclei Templates (1)
http.title:"emerge"
title="emerge"
References (3)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N