CVE-2019-7256 — CRITICAL (9.8)

Q: What is CVE-2019-7256?

CVE-2019-7256 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Linear eMerge E3-Series devices allow Command Injections.

Q: How severe is CVE-2019-7256?

CVE-2019-7256 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2019-7256?

Check the references section above for vendor advisories and patch information. Affected products include: Nortekcontrol Linear Emerge Essential Firmware, Nortekcontrol Linear Emerge Essential, Nortekcontrol Linear Emerge Elite Firmware, Nortekcontrol Linear Emerge Elite.

Vulnerability Description

Linear eMerge E3-Series devices allow Command Injections.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Nortekcontrol	Linear Emerge Essential Firmware	<= 1.00-06
Nortekcontrol	Linear Emerge Essential	-
Nortekcontrol	Linear Emerge Elite Firmware	<= 1.00-06
Nortekcontrol	Linear Emerge Elite	-

Related Weaknesses (CWE)

CWE-78

References

http://packetstormsecurity.com/files/155255/Linear-eMerge-E3-1.00-06-card_scan.pExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/155256/Linear-eMerge-E3-1.00-06-card_scan_dExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/155272/Linear-eMerge-E3-Access-Controller-CExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/170372/Linear-eMerge-E3-Series-Access-ContrExploitThird Party AdvisoryVDB Entry
https://applied-risk.com/labs/advisoriesNot Applicable
https://www.applied-risk.com/resources/ar-2019-005Third Party Advisory
http://packetstormsecurity.com/files/155255/Linear-eMerge-E3-1.00-06-card_scan.pExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/155256/Linear-eMerge-E3-1.00-06-card_scan_dExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/155272/Linear-eMerge-E3-Access-Controller-CExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/170372/Linear-eMerge-E3-Series-Access-ContrExploitThird Party AdvisoryVDB Entry
https://applied-risk.com/labs/advisoriesNot Applicable
https://www.applied-risk.com/resources/ar-2019-005Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-US Government Resource

FAQ

What is CVE-2019-7256?

CVE-2019-7256 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Linear eMerge E3-Series devices allow Command Injections.

How severe is CVE-2019-7256?

CVE-2019-7256 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-7256?

Check the references section above for vendor advisories and patch information. Affected products include: Nortekcontrol Linear Emerge Essential Firmware, Nortekcontrol Linear Emerge Essential, Nortekcontrol Linear Emerge Elite Firmware, Nortekcontrol Linear Emerge Elite.