Filtered by vendor Nortekcontrol
Subscriptions
Total
24 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-7253 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2024-08-04 | N/A |
Linear eMerge E3-Series devices allow Directory Traversal. | ||||
CVE-2022-31798 | 1 Nortekcontrol | 2 Emerge E3, Emerge E3 Firmware | 2024-08-03 | 6.1 Medium |
Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account. | ||||
CVE-2022-31499 | 1 Nortekcontrol | 2 Emerge E3, Emerge E3 Firmware | 2024-08-03 | 9.8 Critical |
Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256. | ||||
CVE-2022-31269 | 1 Nortekcontrol | 2 Emerge E3, Emerge E3 Firmware | 2024-08-03 | 8.2 High |
Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.) |