Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Emerge_e3_firmware
(Nortekcontrol)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 4 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-08-25 | CVE-2022-31269 | Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.) | Emerge_e3_firmware | 8.2 | ||
| 2022-08-25 | CVE-2022-31499 | Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256. | Emerge_e3_firmware | 9.8 | ||
| 2022-08-25 | CVE-2022-31798 | Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account. | Emerge_e3_firmware | 6.1 | ||
| 2018-02-19 | CVE-2018-5439 | A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges. | Emerge_e3_firmware | 9.8 |