PoC details: 4c3910c286de28cf78e50f84c54b40c2a3e7c014

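Source
Related vulnerability
Title: Nortek Control Linear eMerge E3-Series security vulnerability (CVE-2024-9441)
Description: Nortek Control Linear eMerge E3-Series is a door access controller from the US company Nortek Control. It lets an operator specify which people may use which doors to enter and leave a given location at given times. Nortek Control Linear eMerge E3-Series version 1.00-07 and earlier contain a security vulnerability. An attacker can exploit it to execute arbitrary operating system commands through the login_id parameter.
Description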
Nortek Linear eMerge E3 Pre-Auth RCE PoC (CVE-2024-9441)
Introduction
## Nortek Linear eMerge E3 Pre-Auth RCE PoC (CVE-2024-9441)

### Description:
This repository contains a Proof of Concept (PoC) exploit for **Nortek Linear eMerge E3** (CVE-2024-9441), which is vulnerable to **Remote Code Execution (RCE)** in a pre-authentication state. The vulnerability is triggered via a flaw in the password recovery feature, which allows an attacker to inject malicious PHP code into the system, leading to arbitrary code execution.

This PoC allows you to:
- Exploit the vulnerability by sending a crafted request.
- Execute arbitrary commands on the target system.
- Scan multiple targets using a mass scan feature from a list of IPs and ports.
- Perform single target scans using customizable parameters (IP, port, command, etc.).

### Vulnerability Details:
- **CVE**: [CVE-2024-9441](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9441)
- **Affected Product**: Nortek Linear eMerge E3 (all versions prior to patch)
- **Type**: Pre-Auth Remote Code Execution
- **Attack Vector**: HTTP POST request exploiting the password recovery mechanism.

### Usage:

#### Requirements:
- Python 3.x
- `requests` library (`pip install requests`)

#### Single Scan Example:

```bash
python3 exploit.py --ip <target_ip> --port <port> --cmd "<command>"
```

#### Mass Scan Example:
Prepare a text file (e.g., `targets.txt`) with a list of target IPs and ports (one per line), then run:

```bash
python3 exploit.py --list targets.txt --cmd "<command>"
```

#### Notes:
- Replace `<command>` with the actual command you want to execute on the target.
- The PoC defaults to executing `/bin/ls -al /spider/web` if no command is provided.

### Disclaimer:
This PoC is for educational and research purposes only. Use responsibly and only against systems for which you have explicit permission to test. The author is not responsible for any misuse of this tool.

### Reference:
- https://ssd-disclosure.com/ssd-advisory-nortek-linear-emerge-e3-pre-auth-rce/

File snapshot

[4.0K] /data/pocs/4c3910c286de28cf78e50f84c54b40c2a3e7c014
├── [2.3K] exploit.py
└── [1.9K] README.md

0 directories, 2 files