module
Linear eMerge E3-Series Access Controller Command Injection
| Disclosed |
|---|
| Oct 29, 2019 |
Disclosed
Oct 29, 2019
Description
This module exploits a command injection vulnerability in the Linear eMerge
E3-Series Access Controller. The Linear eMerge E3 versions `1.00-06` and below are vulnerable
to unauthenticated command injection in card_scan_decoder.php via the `No` and `door` HTTP GET parameter.
Successful exploitation results in command execution as the `root` user.
E3-Series Access Controller. The Linear eMerge E3 versions `1.00-06` and below are vulnerable
to unauthenticated command injection in card_scan_decoder.php via the `No` and `door` HTTP GET parameter.
Successful exploitation results in command execution as the `root` user.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.