Nortekcontrol: Security Vulnerabilities
Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256.
CVSS Score
9.8
EPSS Score
0.938
Published
2022-08-25
Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account.
CVSS Score
6.1
EPSS Score
0.653
Published
2022-08-25
Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.)
CVSS Score
8.2
EPSS Score
0.911
Published
2022-08-25
Linear eMerge E3-Series devices allow File Inclusion.
CVSS Score
7.5
EPSS Score
0.867
Published
2019-07-02
Linear eMerge E3-Series devices allow XSS.
CVSS Score
6.1
EPSS Score
0.573
Published
2019-07-02
CVE-2019-7256
Linear eMerge E3-Series devices allow Command Injections.
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2019-07-02
Linear eMerge E3-Series devices allow Unrestricted File Upload.
CVSS Score
10.0
EPSS Score
0.382
Published
2019-07-02
Linear eMerge E3-Series devices allow Privilege Escalation.
CVSS Score
8.8
EPSS Score
0.067
Published
2019-07-02
Linear eMerge E3-Series devices have Default Credentials.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-07-02
Linear eMerge E3-Series devices allow Directory Traversal.
CVSS Score
9.8
EPSS Score
0.009
Published
2019-07-02
Page 1