|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-08-28 | |
| Rule Name: | Nice Linear eMerge E3-Series OS Command Injection Vulnerability (CVE-2019-7256) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Nortek Security&Control Linear eMerge E3-Series is an access control device from Nortek Security&Control. The Linear eMerge E3-Series device has a command injection vulnerability, which stems from a program that uses external input to build commands without properly handling its special elements that can modify the command. An attacker can use this vulnerability to execute dangerous commands directly on the operating system. | |
| Impact: | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | http://packetstormsecurity.com/files/155255/Linear-eMerge-E3-1.00-06-card_scan.php-Command-Injection.html http://packetstormsecurity.com/files/155256/Linear-eMerge-E3-1.00-06-card_scan_decoder.php-Command-Injection.html http://packetstormsecurity.com/files/155272/Linear-eMerge-E3-Access-Controller-Command-Injection.html http://packetstormsecurity.com/files/170372/Linear-eMerge-E3-Series-Access-Controller-Command-Injection.html |
|
| Solutions |
|---|
| Refer to the announcement or patch by the vendor: https://www.nortekcontrol.com/ |