Show filters
24 Total Results
Displaying 1-10 of 24
Sort by:
Attacker Value
Very High

CVE-2019-7256

Disclosure Date: July 02, 2019 (last updated August 14, 2024)
Linear eMerge E3-Series devices allow Command Injections.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
2
1
Attacker Value
Very High

CVE-2019-7252

Disclosure Date: July 02, 2019 (last updated November 27, 2024)
Linear eMerge E3-Series devices have Default Credentials.
1
1
Attacker Value
Unknown

CVE-2022-31798

Disclosure Date: August 25, 2022 (last updated February 24, 2025)
Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-31499

Disclosure Date: August 25, 2022 (last updated February 24, 2025)
Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-31269

Disclosure Date: August 25, 2022 (last updated February 24, 2025)
Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.)
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-7257

Disclosure Date: July 02, 2019 (last updated November 27, 2024)
Linear eMerge E3-Series devices allow Unrestricted File Upload.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-7255

Disclosure Date: July 02, 2019 (last updated November 27, 2024)
Linear eMerge E3-Series devices allow XSS.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-7253

Disclosure Date: July 02, 2019 (last updated November 27, 2024)
Linear eMerge E3-Series devices allow Directory Traversal.
0
0
Attacker Value
Unknown

CVE-2019-7258

Disclosure Date: July 02, 2019 (last updated November 27, 2024)
Linear eMerge E3-Series devices allow Privilege Escalation.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-7254

Disclosure Date: July 02, 2019 (last updated November 27, 2024)
Linear eMerge E3-Series devices allow File Inclusion.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
View More Topics  Next >