CVE-2019-7256

Linear eMerge E3-Series devices allow Command Injections.

Basic Information

CVE State: PUBLISHED
Reserved Date: January 31, 2019
Published Date: July 02, 2019
Last Updated: August 04, 2024
Vendor: Linear
Product: eMerge E3-Series
Description: Linear eMerge E3-Series devices allow Command Injections.
Tags

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

SSVC Information

Exploitation: Active
Automatable: Yes
Technical Impact: Total

Exploit Status

Exploited in the Wild: Yes (2025-05-03 00:00:00 UTC) Source

References

https://applied-risk.com/labs/advisories https://www.applied-risk.com/resources/ar-2019-005 http://packetstormsecurity.com/files/155255/Linear-eMerge-E3-1.00-06-card_scan.php-Command-Injection.html http://packetstormsecurity.com/files/155256/Linear-eMerge-E3-1.00-06-card_scan_decoder.php-Command-Injection.html http://packetstormsecurity.com/files/155272/Linear-eMerge-E3-Access-Controller-Command-Injection.html http://packetstormsecurity.com/files/170372/Linear-eMerge-E3-Series-Access-Controller-Command-Injection.html

Known Exploited Vulnerability Information

Source	Added Date
CISA	2024-03-25 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/linear_emerge_unauth_rce_cve_2019_7256.rb	2025-04-29 11:01:13 UTC
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-7256.yaml	2025-04-26 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

linear_emerge_unauth_rce_cve_2019_7256

Type: metasploit • Created: Unknown

Metasploit module for CVE-2019-7256

Timeline

CVE ID Reserved

January 31, 2019
CVE Published to Public

July 02, 2019
Added to KEVIntel

March 25, 2024
Detected by Nuclei

April 26, 2025
Detected by Metasploit

April 29, 2025