Linear eMerge E3-Series devices allow Command Injections.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNortekcontrol Linear Emerge Elite
HWNortekcontrolwszystkie wersjeNortekcontrol Linear Emerge Elite Firmware
OSNortekcontrolβ€ 1.00-06Nortekcontrol Linear Emerge Essential
HWNortekcontrolwszystkie wersjeNortekcontrol Linear Emerge Essential Firmware
OSNortekcontrolβ€ 1.00-06
CISA KEV β detailsi
- Vendori
- Nice
- Producti
- Linear eMerge E3-Series
- Added to KEVi
- March 25, 2024
- Remediation deadline (US Federal)i
- April 15, 2024(overdue)
Required action (CISA)i
Contact the vendor for guidance on remediating firmware, per their advisory.
CISA descriptioni
Nice Linear eMerge E3-Series contains an OS command injection vulnerability that allows an attacker to conduct remote code execution.
π΄
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
β°CISA DEADLINE: 15 kwietnia 2024
Tags
Command Injection
References
Related vulnerabilities
CVE-2019-7260CRITICAL9.8ten sam produkt
Linear eMerge E3-Series devices have Cleartext Credentials in a Database.
CVE-2019-7252CRITICAL9.8ten sam produkt
Linear eMerge E3-Series devices have Default Credentials.
CVE-2019-7253CRITICAL9.8ten sam produkt
Linear eMerge E3-Series devices allow Directory Traversal.
CVE-2019-7257CRITICAL10.0ten sam produkt
Linear eMerge E3-Series devices allow Unrestricted File Upload.
CVE-2019-7261CRITICAL9.8ten sam produkt
Linear eMerge E3-Series devices have Hard-coded Credentials.