Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Nortekcontrol Subscribe
Filtered by product Emerge E3 Firmware
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-31269 1 Nortekcontrol 2 Emerge E3, Emerge E3 Firmware 2022-09-02 N/A 8.2 HIGH
Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.)
CVE-2022-31499 1 Nortekcontrol 2 Emerge E3, Emerge E3 Firmware 2022-09-02 N/A 9.8 CRITICAL
Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256.
CVE-2022-31798 1 Nortekcontrol 2 Emerge E3, Emerge E3 Firmware 2022-09-02 N/A 6.1 MEDIUM
Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account.
CVE-2018-5439 1 Nortekcontrol 2 Emerge E3, Emerge E3 Firmware 2019-10-09 10.0 HIGH 9.8 CRITICAL
A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges.