10
CVE-2019-7256
- EPSS 94.41%
- Veröffentlicht 02.07.2019 19:15:11
- Zuletzt bearbeitet 06.11.2025 16:52:01
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginLinear eMerge E3-Series devices allow Command Injections.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nortekcontrol ≫ Linear Emerge Essential Firmware Version <= 1.00-06
Nortekcontrol ≫ Linear Emerge Elite Firmware Version <= 1.00-06
25.03.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog
Nice Linear eMerge E3-Series OS Command Injection Vulnerability
SchwachstelleNice Linear eMerge E3-Series contains an OS command injection vulnerability that allows an attacker to conduct remote code execution.
BeschreibungContact the vendor for guidance on remediating firmware, per their advisory.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 94.41% | 1 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.