module

Linear eMerge E3-Series Access Controller Command Injection

Try Surface Command
Back to search
Disclosed
2019-10-29
Created
2023-01-05

Description

This module exploits a command injection vulnerability in the Linear eMerge
E3-Series Access Controller. The Linear eMerge E3 versions `1.00-06` and below are vulnerable
to unauthenticated command injection in card_scan_decoder.php via the `No` and `door` HTTP GET parameter.
Successful exploitation results in command execution as the `root` user.

Authors

Gjoko Krstic gjoko@applied-risk.com
h00die-gr3y h00die.gr3y@gmail.com

Platform

Linux,Unix

Architectures

cmd, armle

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


    msf > use exploit/linux/http/linear_emerge_unauth_rce_cve_2019_7256
    msf exploit(linear_emerge_unauth_rce_cve_2019_7256) > show targets
        ...targets...
    msf exploit(linear_emerge_unauth_rce_cve_2019_7256) > set TARGET < target-id >
    msf exploit(linear_emerge_unauth_rce_cve_2019_7256) > show options
        ...show and set options...
    msf exploit(linear_emerge_unauth_rce_cve_2019_7256) > exploit
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today