CVE-2019-7256

CRITICAL KEV NUCLEI

Linear eMerge E3-Series - Command Injection

Exploitation Summary

CVE-2019-7256 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 25, 2024. EIP tracks 2 public exploits, one by the researcher LiquidWorm and one a Metasploit module (exploits/linux/http/linear_emerge_unauth_rce_cve_2019_7256). A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit leverages a command injection vulnerability in eMerge E3 1.00-06 via the 'ReaderNo' parameter in 'card_scan.php'. It allows remote code execution by injecting commands enclosed in backticks, reading output from a temporary file, and cleaning up afterward.

Description

Linear eMerge E3-Series devices allow Command Injections.

Exploits (2)

exploitdb WORKING POC
by LiquidWorm · python · webapps · hardware
https://www.exploit-db.com/exploits/47619

This exploit leverages a command injection vulnerability in eMerge E3 1.00-06 via the 'ReaderNo' parameter in 'card_scan.php'. It allows remote code execution by injecting commands enclosed in backticks, reading output from a temporary file, and cleaning up afterward.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: eMerge E3 1.00-06
No auth needed
Prerequisites: Network access to the target web interface · Vulnerable version of eMerge E3
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/linear_emerge_unauth_rce_cve_2019_7256.rb

This Metasploit module exploits an unauthenticated command injection vulnerability in Linear eMerge E3-Series Access Controller via the `No` and `door` HTTP GET parameters in card_scan_decoder.php. Successful exploitation results in command execution as the root user.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Linear eMerge E3-Series Access Controller versions 1.00-06 and below
No auth needed
Prerequisites: Network access to the target device · Default root password (davestyle)
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

eMerge E3 1.00-06 - Remote Code Execution
CRITICAL · VERIFIED · by pikpikcu
Shodan: title:"eMerge" || http.title:"emerge"
FOFA: title="emerge"

Scores

CVSS v3 9.8
EPSS 0.9440
EPSS Percentile 100.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2024-03-25
VulnCheck KEV 2020-02-01
InTheWild.io 2020-02-01
ENISA EUVD EUVD-2019-16800
CWE CWE-78
Status published
Products (2)
nortekcontrol/linear_emerge_elite_firmware < 1.00-06
nortekcontrol/linear_emerge_essential_firmware < 1.00-06
Published Jul 02, 2019
KEV Added Mar 25, 2024
Tracked Since Feb 18, 2026