Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-9441 PoC — Linear eMerge e3-Series Forgot Password Command Injection

Source
https://github.com/adhikara13/CVE-2024-9441
Associated Vulnerability
Title:Linear eMerge e3-Series Forgot Password Command Injection (CVE-2024-9441)
Description:The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP.
Description
Nortek Linear eMerge E3 Pre-Auth RCE PoC (CVE-2024-9441)
Readme
## Nortek Linear eMerge E3 Pre-Auth RCE PoC (CVE-2024-9441)

### Description:
This repository contains a Proof of Concept (PoC) exploit for **Nortek Linear eMerge E3** (CVE-2024-9441), which is vulnerable to **Remote Code Execution (RCE)** in a pre-authentication state. The vulnerability is triggered via a flaw in the password recovery feature, which allows an attacker to inject malicious PHP code into the system, leading to arbitrary code execution.

This PoC allows you to:
- Exploit the vulnerability by sending a crafted request.
- Execute arbitrary commands on the target system.
- Scan multiple targets using a mass scan feature from a list of IPs and ports.
- Perform single target scans using customizable parameters (IP, port, command, etc.).

### Vulnerability Details:
- **CVE**: [CVE-2024-9441](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9441)
- **Affected Product**: Nortek Linear eMerge E3 (all versions prior to patch)
- **Type**: Pre-Auth Remote Code Execution
- **Attack Vector**: HTTP POST request exploiting the password recovery mechanism.

### Usage:

#### Requirements:
- Python 3.x
- `requests` library (`pip install requests`)

#### Single Scan Example:

```bash
python3 exploit.py --ip <target_ip> --port <port> --cmd "<command>"
```

#### Mass Scan Example:
Prepare a text file (e.g., `targets.txt`) with a list of target IPs and ports (one per line), then run:

```bash
python3 exploit.py --list targets.txt --cmd "<command>"
```

#### Notes:
- Replace `<command>` with the actual command you want to execute on the target.
- The PoC defaults to executing `/bin/ls -al /spider/web` if no command is provided.

### Disclaimer:
This PoC is for educational and research purposes only. Use responsibly and only against systems for which you have explicit permission to test. The author is not responsible for any misuse of this tool.

### Reference:
- https://ssd-disclosure.com/ssd-advisory-nortek-linear-emerge-e3-pre-auth-rce/
File Snapshot

 [4.0K]  /data/pocs/4c3910c286de28cf78e50f84c54b40c2a3e7c014
├── [2.3K]  exploit.py
└── [1.9K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →