CVE-2024-9441
- EPSS 60.15%
- Veröffentlicht 02.10.2024 19:15:16
- Zuletzt bearbeitet 04.10.2024 13:50:43
The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functiona...
CVE-2022-31499
- EPSS 92.83%
- Veröffentlicht 25.08.2022 23:15:08
- Zuletzt bearbeitet 21.11.2024 07:04:35
Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256.
CVE-2022-31798
- EPSS 78.15%
- Veröffentlicht 25.08.2022 23:15:08
- Zuletzt bearbeitet 21.11.2024 07:05:21
Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account.
CVE-2022-31269
- EPSS 81.01%
- Veröffentlicht 25.08.2022 22:15:08
- Zuletzt bearbeitet 21.11.2024 07:04:16
Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.)
- EPSS 1.25%
- Veröffentlicht 19.02.2018 18:29:00
- Zuletzt bearbeitet 21.11.2024 04:08:48
A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges.