Nortekcontrol Emerge E3 Firmware vulnerabilities
4 known vulnerabilities affecting nortekcontrol/emerge_e3_firmware.
Total CVEs
4
CISA KEV
0
Public exploits
3
Exploited in wild
1
Severity breakdown
CRITICAL2HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2022-31499P1CRITICALCVSS 9.8ExploitedPoC≤ 0.32-09c2022-08-25
CVE-2022-31499 [CRITICAL] CVE-2022-31499: Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject O
Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256.
nvd
CVE-2022-31269P2HIGHCVSS 8.2PoC≤ 0.32-09c2022-08-25
CVE-2022-31269 [HIGH] CVE-2022-31269: Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that al
Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.)
nvd
CVE-2022-31798P3MEDIUMCVSS 6.1PoC≤ 0.32-07p2022-08-25
CVE-2022-31798 [MEDIUM] CWE-384 CVE-2022-31798: Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS w
Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account.
nvd
CVE-2018-5439P2CRITICALCVSS 9.8≤ 0.32-07e2018-02-19
CVE-2018-5439 [CRITICAL] CWE-77 CVE-2018-5439: A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and pr
A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges.
nvd