Nortekcontrol: >> Emerge E3 Firmware >> 0.32-09c Security Vulnerabilities
Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256.
CVSS Score
9.8
EPSS Score
0.934
Published
2022-08-25
Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.)
CVSS Score
8.2
EPSS Score
0.902
Published
2022-08-25