CRITICAL🚩 CISA KEV⚑ EXPLOITπŸ‡΅πŸ‡± Wersja polska

CVE-2019-7256

CVSS 9.8v3.1pub. 2019-07-02upd. 2025-11-06

Linear eMerge E3-Series devices allow Command Injections.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Nortekcontrol Linear Emerge Elite

    HW
    Nortekcontrol
    wszystkie wersje
  • Nortekcontrol Linear Emerge Elite Firmware

    OS
    Nortekcontrol
    ≀ 1.00-06
  • Nortekcontrol Linear Emerge Essential

    HW
    Nortekcontrol
    wszystkie wersje
  • Nortekcontrol Linear Emerge Essential Firmware

    OS
    Nortekcontrol
    ≀ 1.00-06

CISA KEV β€” detailsi

Vendori
Nice
Producti
Linear eMerge E3-Series
Added to KEVi
March 25, 2024
Remediation deadline (US Federal)i
April 15, 2024(overdue)
Required action (CISA)i

Contact the vendor for guidance on remediating firmware, per their advisory.

CISA descriptioni

Nice Linear eMerge E3-Series contains an OS command injection vulnerability that allows an attacker to conduct remote code execution.

πŸ”΄
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
⏰CISA DEADLINE: 15 kwietnia 2024
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2019-7260CRITICAL9.8ten sam produkt

Linear eMerge E3-Series devices have Cleartext Credentials in a Database.

CVE-2019-7252CRITICAL9.8ten sam produkt

Linear eMerge E3-Series devices have Default Credentials.

CVE-2019-7253CRITICAL9.8ten sam produkt

Linear eMerge E3-Series devices allow Directory Traversal.

CVE-2019-7257CRITICAL10.0ten sam produkt

Linear eMerge E3-Series devices allow Unrestricted File Upload.

CVE-2019-7261CRITICAL9.8ten sam produkt

Linear eMerge E3-Series devices have Hard-coded Credentials.

CVE-2019-7256 β€” Nortekcontrol β€” Linear Emerge Elite β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl