CVE-2024-9441
CVSS V2 None
CVSS V3 None
Description
The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP.
Overview
- CVE ID
- CVE-2024-9441
- Assigner
- VulnCheck
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-10-02T18:50:10.938Z
- Last Modified Date
- 2024-10-02T19:08:03.687Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://ssd-disclosure.com/ssd-advisory-nortek-linear-emerge-e3-pre-auth-rce/ | vendor-advisory exploit |
https://vulncheck.com/advisories/linear-emerge-forgot-password | third-party-advisory |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-9441 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9441 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-10-07 00:02:42 | Added to TrackCVE |