Nortekcontrol: >> Emerge E3 Firmware Security Vulnerabilities
Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256.
CVSS Score
9.8
EPSS Score
0.934
Published
2022-08-25
Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account.
CVSS Score
6.1
EPSS Score
0.653
Published
2022-08-25
Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.)
CVSS Score
8.2
EPSS Score
0.902
Published
2022-08-25
A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges.
CVSS Score
9.8
EPSS Score
0.013
Published
2018-02-19