Sign-up

ID

VAR-201907-0169


CVE

CVE-2019-7268


TITLE

Linear eMerge 50P/5000P Device unrestricted upload vulnerability type file vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-006077

DESCRIPTION

Linear eMerge 50P/5000P devices allow Unauthenticated File Upload. Linear eMerge 50P/5000P The device contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Linear eMerge 50P / 5000P is a browser-managed access control security system from Nortek Security & Control. An attacker could use this vulnerability to upload a file with an arbitrary extension to a directory in the application's Web root directory and execute the uploaded file with the permissions of the Web server

Trust: 2.25

sources: NVD: CVE-2019-7268 // JVNDB: JVNDB-2019-006077 // CNVD: CNVD-2019-34615 // VULHUB: VHN-158703

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-34615

AFFECTED PRODUCTS

vendor:nortekcontrolmodel:linear emerge 50pscope:lteversion:4.6.07

Trust: 1.0

vendor:nortekcontrolmodel:linear emerge 5000pscope:lteversion:4.6.07

Trust: 1.0

vendor:nortekmodel:linear emerge 5000pscope: - version: -

Trust: 0.8

vendor:nortekmodel:linear emerge 50pscope: - version: -

Trust: 0.8

vendor:nortekmodel:security & control linear emerge 50p 5000p version)scope:eqversion:/<=4.6.07(79330

Trust: 0.6

sources: CNVD: CNVD-2019-34615 // JVNDB: JVNDB-2019-006077 // NVD: CVE-2019-7268

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-7268
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-7268
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-34615
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201907-095
value: CRITICAL

Trust: 0.6

VULHUB: VHN-158703
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-7268
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-34615
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-158703
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-7268
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2019-7268
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-34615 // VULHUB: VHN-158703 // JVNDB: JVNDB-2019-006077 // CNNVD: CNNVD-201907-095 // NVD: CVE-2019-7268

PROBLEMTYPE DATA

problemtype:CWE-434

Trust: 1.9

sources: VULHUB: VHN-158703 // JVNDB: JVNDB-2019-006077 // NVD: CVE-2019-7268

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-095

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201907-095

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006077

PATCH
title:Top Pageurl:https://www.nortekcontrol.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-006077

EXTERNAL IDS
db:NVDid:CVE-2019-7268
Trust: 3.1
db:ICS CERTid:ICSA-20-184-01
Trust: 1.7
db:PACKETSTORMid:155250
Trust: 1.7
db:JVNDBid:JVNDB-2019-006077
Trust: 0.8
db:CNNVDid:CNNVD-201907-095
Trust: 0.7
db:CNVDid:CNVD-2019-34615
Trust: 0.6
db:AUSCERTid:ESB-2020.2294
Trust: 0.6
db:NSFOCUSid:47610
Trust: 0.6
db:VULHUBid:VHN-158703
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-34615 // 
            
            
            
            VULHUB: VHN-158703 // 
            
            
            
            JVNDB: JVNDB-2019-006077 // 
            
            
            
            CNNVD: CNNVD-201907-095 // 
            
            
            
            NVD: CVE-2019-7268

REFERENCES
url:https://www.applied-risk.com/resources/ar-2019-006
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-7268
Trust: 2.0
url:http://packetstormsecurity.com/files/155250/linear-emerge50p-5000p-4.6.07-remote-code-execution.html
Trust: 1.7
url:https://applied-risk.com/labs/advisories
Trust: 1.7
url:https://www.us-cert.gov/ics/advisories/icsa-20-184-01
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7268
Trust: 0.8
url:http://www.nsfocus.net/vulndb/47610
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2294/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-34615 // 
            
            
            
            VULHUB: VHN-158703 // 
            
            
            
            JVNDB: JVNDB-2019-006077 // 
            
            
            
            CNNVD: CNNVD-201907-095 // 
            
            
            
            NVD: CVE-2019-7268

CREDITS
Sipke Mellema
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201907-095

SOURCES
db:CNVDid:CNVD-2019-34615
db:VULHUBid:VHN-158703
db:JVNDBid:JVNDB-2019-006077
db:CNNVDid:CNNVD-201907-095
db:NVDid:CVE-2019-7268

LAST UPDATE DATE
2024-11-23T22:11:58.489000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-34615date:2019-10-11T00:00:00
db:VULHUBid:VHN-158703date:2020-07-02T00:00:00
db:JVNDBid:JVNDB-2019-006077date:2019-07-09T00:00:00
db:CNNVDid:CNNVD-201907-095date:2020-08-12T00:00:00
db:NVDid:CVE-2019-7268date:2024-11-21T04:47:53.123

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-34615date:2019-10-10T00:00:00
db:VULHUBid:VHN-158703date:2019-07-02T00:00:00
db:JVNDBid:JVNDB-2019-006077date:2019-07-09T00:00:00
db:CNNVDid:CNNVD-201907-095date:2019-07-02T00:00:00
db:NVDid:CVE-2019-7268date:2019-07-02T17:15:12.257