Sign-up

ID

VAR-201802-1043


CVE

CVE-2018-5439


TITLE

Nortek Linear eMerge E3 Series Command injection vulnerability

Trust: 1.4

sources: IVD: e2e3c6c0-39ab-11e9-b2e3-000c29342cb1 // CNVD: CNVD-2018-03483 // CNNVD: CNNVD-201802-814

DESCRIPTION

A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges. Nortek Security&Control is a company that provides wireless security, home automation and personal security systems and devices. The platform provides scalable, browser-based access control capabilities

Trust: 2.52

sources: NVD: CVE-2018-5439 // JVNDB: JVNDB-2018-002424 // CNVD: CNVD-2018-03483 // IVD: e2e3c6c0-39ab-11e9-b2e3-000c29342cb1 // VULHUB: VHN-135470 // VULMON: CVE-2018-5439

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2e3c6c0-39ab-11e9-b2e3-000c29342cb1 // CNVD: CNVD-2018-03483

AFFECTED PRODUCTS

vendor:nortekcontrolmodel:emerge e3scope:lteversion:0.32-07e

Trust: 1.0

vendor:nortekmodel:linear emerge e3 series <=v0.32-07escope: - version: -

Trust: 0.8

vendor:nortekmodel:linear emerge e3scope:lteversion:0.32-07e

Trust: 0.8

vendor:nortekcontrolmodel:emerge e3scope:eqversion:0.32-07e

Trust: 0.6

sources: IVD: e2e3c6c0-39ab-11e9-b2e3-000c29342cb1 // CNVD: CNVD-2018-03483 // JVNDB: JVNDB-2018-002424 // CNNVD: CNNVD-201802-814 // NVD: CVE-2018-5439

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5439
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-5439
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-03483
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201802-814
value: CRITICAL

Trust: 0.6

IVD: e2e3c6c0-39ab-11e9-b2e3-000c29342cb1
value: CRITICAL

Trust: 0.2

VULHUB: VHN-135470
value: HIGH

Trust: 0.1

VULMON: CVE-2018-5439
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-5439
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-03483
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2e3c6c0-39ab-11e9-b2e3-000c29342cb1
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-135470
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5439
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2e3c6c0-39ab-11e9-b2e3-000c29342cb1 // CNVD: CNVD-2018-03483 // VULHUB: VHN-135470 // VULMON: CVE-2018-5439 // JVNDB: JVNDB-2018-002424 // CNNVD: CNNVD-201802-814 // NVD: CVE-2018-5439

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.9

sources: VULHUB: VHN-135470 // JVNDB: JVNDB-2018-002424 // NVD: CVE-2018-5439

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-814

TYPE

Command injection

Trust: 0.8

sources: IVD: e2e3c6c0-39ab-11e9-b2e3-000c29342cb1 // CNNVD: CNNVD-201802-814

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-002424

PATCH
title:Top Pageurl:https://nortekcontrol.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-002424

EXTERNAL IDS
db:NVDid:CVE-2018-5439
Trust: 3.4
db:ICS CERTid:ICSA-18-046-01
Trust: 3.2
db:CNNVDid:CNNVD-201802-814
Trust: 0.9
db:CNVDid:CNVD-2018-03483
Trust: 0.8
db:JVNDBid:JVNDB-2018-002424
Trust: 0.8
db:BIDid:103053
Trust: 0.6
db:IVDid:E2E3C6C0-39AB-11E9-B2E3-000C29342CB1
Trust: 0.2
db:SEEBUGid:SSVID-99009
Trust: 0.1
db:VULHUBid:VHN-135470
Trust: 0.1
db:VULMONid:CVE-2018-5439
Trust: 0.1
sources:
            
            
            IVD: e2e3c6c0-39ab-11e9-b2e3-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-03483 // 
            
            
            
            VULHUB: VHN-135470 // 
            
            
            
            VULMON: CVE-2018-5439 // 
            
            
            
            JVNDB: JVNDB-2018-002424 // 
            
            
            
            CNNVD: CNNVD-201802-814 // 
            
            
            
            NVD: CVE-2018-5439

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-046-01
Trust: 3.3
url:https://nvd.nist.gov/vuln/detail/cve-2018-5439
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5439
Trust: 0.8
url:https://www.securityfocus.com/bid/103053
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/77.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-03483 // 
            
            
            
            VULHUB: VHN-135470 // 
            
            
            
            VULMON: CVE-2018-5439 // 
            
            
            
            JVNDB: JVNDB-2018-002424 // 
            
            
            
            CNNVD: CNNVD-201802-814 // 
            
            
            
            NVD: CVE-2018-5439

SOURCES
db:IVDid:e2e3c6c0-39ab-11e9-b2e3-000c29342cb1
db:CNVDid:CNVD-2018-03483
db:VULHUBid:VHN-135470
db:VULMONid:CVE-2018-5439
db:JVNDBid:JVNDB-2018-002424
db:CNNVDid:CNNVD-201802-814
db:NVDid:CVE-2018-5439

LAST UPDATE DATE
2024-11-23T19:52:36.361000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-03483date:2018-02-26T00:00:00
db:VULHUBid:VHN-135470date:2019-10-09T00:00:00
db:VULMONid:CVE-2018-5439date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-002424date:2018-04-11T00:00:00
db:CNNVDid:CNNVD-201802-814date:2019-10-17T00:00:00
db:NVDid:CVE-2018-5439date:2024-11-21T04:08:48.407

SOURCES RELEASE DATE
db:IVDid:e2e3c6c0-39ab-11e9-b2e3-000c29342cb1date:2018-02-26T00:00:00
db:CNVDid:CNVD-2018-03483date:2018-02-26T00:00:00
db:VULHUBid:VHN-135470date:2018-02-19T00:00:00
db:VULMONid:CVE-2018-5439date:2018-02-19T00:00:00
db:JVNDBid:JVNDB-2018-002424date:2018-04-11T00:00:00
db:CNNVDid:CNNVD-201802-814date:2018-02-19T00:00:00
db:NVDid:CVE-2018-5439date:2018-02-19T18:29:00.210