cbcvebase.
CVE-2019-7259
published 2019-07-02

CVE-2019-7259: Linear eMerge E3-Series devices allow Authorization Bypass with Information Disclosure.

Priority: P2 · 62 · High 8.8 (CVSS 3.1)
CVSS 3.1 vector: AV:N AC:L PR:L UI:N S:U C:H I:H A:H
Exploit: public PoC available
EPSS: 13.18% (95.9th percentile)

Affected

2 ranges

Vendor          Product                           Version range   Fixed in
nortekcontrol   linear_emerge_elite_firmware      <= 1.00-06      (none listed)
nortekcontrol   linear_emerge_essential_firmware  <= 1.00-06      (none listed)

Detection & IOCs (extracted from sources)

url   http://192.168.1.2/?c=webuser&m=update
url   http://192.168.1.2/?c=webuser&m=select&p=&f=&w=&v=1
path  /?c=webuser&m=update
path  /?c=webuser&m=select&p=&f=&w=&v=1
  • Detect unauthenticated or low-privilege POST requests to the webuser update endpoint (?c=webuser&m=update) with UserRole=1 in the POST body, indicating privilege escalation attempts on Linear eMerge E3-Series devices.
  • Detect GET requests to the webuser select endpoint (?c=webuser&m=select) which can be used for unauthorized information disclosure of user credentials on Linear eMerge E3-Series devices.
  • Monitor for authorization bypass patterns where the ?c=webuser controller endpoint is accessed without proper privilege validation, covering both m=update (escalation) and m=select (disclosure) actions.
  • The exploit PoC uses a hardcoded private IP (192.168.1.2); in real deployments the target IP will vary. Detection rules should match on the URI path patterns (?c=webuser&m=update and ?c=webuser&m=select) rather than the destination IP.
  • The exploit was tested against firmware version 1.00-06 of the Linear eMerge E3-Series. Other firmware versions may present the same vulnerable endpoints but have not been explicitly confirmed in this PoC.
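The detection points above, turned into runnable logic as an added example (this is not code from the page, the PoC, or the vendor). It parses the query string and POST body instead of substring-matching the URI, so it also catches reordered (`?m=update&c=webuser`) and URL-encoded (`UserRole=%31`) variants, which goes beyond the literal patterns listed. The log layout (client IP, method, URL, status, body, space-separated) and every log line are constructed assumptions; adapt the splitter to your proxy or WAF export, since plain access logs normally lack the POST body needed for the UserRole=1 check.

```python
"""Flag CVE-2019-7259 request patterns (webuser controller) in HTTP logs.

Added example, not code from the original page. Log format and sample
lines are constructed; real exports will need a different splitter.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional
from urllib.parse import parse_qs, urlsplit

RULE_ESCALATION = "CVE-2019-7259 webuser update with UserRole=1 (privilege escalation)"
RULE_DISCLOSURE = "CVE-2019-7259 webuser select (credential disclosure)"


@dataclass(frozen=True)
class Alert:
    client: str
    rule: str
    url: str


def _first(params: dict, name: str) -> str:
    """Return the first value of a parsed query/body parameter, or ''."""
    vals = params.get(name)
    return vals[0] if vals else ""


def classify_request(method: str, url: str, body: str) -> Optional[str]:
    """Return the rule a single request triggers, or None.

    Matching is on the parsed parameters, not the destination host, so the
    hardcoded 192.168.1.2 from the PoC is irrelevant here.
    """
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if _first(query, "c") != "webuser":
        return None
    action = _first(query, "m")
    if action == "update" and method.upper() == "POST":
        post = parse_qs(body, keep_blank_values=True)  # decodes %-escapes
        if _first(post, "UserRole") == "1":
            return RULE_ESCALATION
        return None
    if action == "select":
        return RULE_DISCLOSURE
    return None


def scan_log(lines: Iterable[str]) -> List[Alert]:
    """Run both rules over constructed 'client method url status body' lines."""
    alerts: List[Alert] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        parts = line.split(" ", 4)
        if len(parts) != 5:
            continue  # malformed line: skip rather than crash the scan
        client, method, url, _status, body = parts
        body = "" if body == "-" else body
        rule = classify_request(method, url, body)
        if rule:
            alerts.append(Alert(client, rule, url))
    return alerts


# Constructed sample log (assumed layout): client method url status body
SAMPLE_LOG = """\
10.0.0.7 GET http://192.168.1.2/?c=webuser&m=select&p=&f=&w=&v=1 200 -
10.0.0.7 POST http://192.168.1.2/?c=webuser&m=update 200 UserID=3&UserRole=1
10.0.0.9 POST http://10.20.30.40/?m=update&c=webuser 200 UserRole=1&UserID=5
10.0.0.9 GET http://10.20.30.40/?c=webuser&m=select 200 -
10.0.0.5 POST http://10.20.30.40/?c=webuser&m=update 200 UserID=7&Password=x
10.0.0.5 GET http://10.20.30.40/?c=status&m=select 200 -
10.0.0.5 GET http://10.20.30.40/index.html 200 -
"""

if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG.splitlines()):
        print(f"{a.client}  {a.rule}  {a.url}")
```

Lines 1 to 4 of the sample fire (two disclosure, two escalation, including the reordered query on a non-PoC host); the update without UserRole=1, the other controller, and the static file do not.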

CVSS provenance

Source  Version  Score  Severity  Vector
nvd     v3.1     8.8    HIGH      CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd     v2.0     4.0    MEDIUM    AV:N/AC:L/Au:S/C:P/I:N/A:N