CVE-2024-9441

CRITICAL

Linear eMerge e3-Series <1.00-07 - Command Injection

Title source: llm

Description

The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP.

Exploits (4)

nomisec WORKING POC 6 stars

by p33d · poc

https://github.com/p33d/CVE-2024-9441

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by adhikara13 · poc

https://github.com/adhikara13/CVE-2024-9441

View Code ZIP pw:eip

nomisec WORKING POC

by jk-mayne · poc

https://github.com/jk-mayne/CVE-2024-9441-Checker

View Code ZIP pw:eip

inthewild

poc

https://github.com/xiaomingx/cve-2024-9441-poc

View on inthewild

References (2)

[Various Sources] https://ssd-disclosure.com/ssd-advisory-nortek-linear-emerge-e3-pre-auth-rce/

[Third Party Advisory] https://vulncheck.com/advisories/linear-emerge-forgot-password

Scores

CVSS v3 9.8

EPSS 0.6015

EPSS Percentile 98.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

Linear/eMerge e3-Series < 1.00-07

Published Oct 02, 2024

Tracked Since Feb 18, 2026