module
Linear eMerge E3-Series Access Controller Command Injection
| Disclosed |
|---|
| Oct 29, 2019 |
Disclosed
Oct 29, 2019
Description
This module exploits a command injection vulnerability in the Linear eMerge
E3-Series Access Controller. The Linear eMerge E3 versions `1.00-06` and below are vulnerable
to unauthenticated command injection in card_scan_decoder.php via the `No` and `door` HTTP GET parameter.
Successful exploitation results in command execution as the `root` user.
E3-Series Access Controller. The Linear eMerge E3 versions `1.00-06` and below are vulnerable
to unauthenticated command injection in card_scan_decoder.php via the `No` and `door` HTTP GET parameter.
Successful exploitation results in command execution as the `root` user.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.