CVE-2019-7256

CRITICAL KEV NUCLEI

Linear eMerge E3-Series - Command Injection

Title source: llm

Description

Linear eMerge E3-Series devices allow Command Injections.

Exploits (2)

exploitdb WORKING POC

by LiquidWorm · pythonwebappshardware

https://www.exploit-db.com/exploits/47619

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/linear_emerge_unauth_rce_cve_2019_7256.rb

View Code ZIP pw:eip

Nuclei Templates (1)

eMerge E3 1.00-06 - Remote Code Execution

CRITICALVERIFIEDby pikpikcu

Shodan: title:"eMerge" || http.title:"emerge"

FOFA: title="emerge"

References (7)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/155255/Linear-eMerge-E3-1.00-06-card_scan.php-Command-Injection.html

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/155256/Linear-eMerge-E3-1.00-06-card_scan_decoder.php-Command-Injection.html

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/155272/Linear-eMerge-E3-Access-Controller-Command-Injection.html

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/170372/Linear-eMerge-E3-Series-Access-Controller-Command-Injection.html

[Not Applicable] https://applied-risk.com/labs/advisories

[Third Party Advisory] https://www.applied-risk.com/resources/ar-2019-005

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-7256

Scores

CVSS v3 9.8

EPSS 0.9440

EPSS Percentile 100.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2024-03-25

VulnCheck KEV 2020-02-01

InTheWild.io 2020-02-01

ENISA EUVD EUVD-2019-16800

CWE

CWE-78

Status published

Products (2)

nortekcontrol/linear_emerge_elite_firmware < 1.00-06

nortekcontrol/linear_emerge_essential_firmware < 1.00-06

Published Jul 02, 2019

KEV Added Mar 25, 2024

Tracked Since Feb 18, 2026