Nice (formerly Nortek) Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e devices are vulnerable to Stored Cross-Site Scripting...
5.4CVSS
5.3AI Score
0.001EPSS
Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a SQL injection vulnerability via the idt...
9.8CVSS
9.8AI Score
0.002EPSS
Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and...
6.1CVSS
6AI Score
0.001EPSS
Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a cross-site scripting (XSS) vulnerability which is chained with a local session fixation. This vulnerability allows attackers to escalate privileges via unspecified...
6.1CVSS
6.2AI Score
0.001EPSS
Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user...
6.1CVSS
6AI Score
0.001EPSS
Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for...
9.8CVSS
9.6AI Score
0.974EPSS
Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been...
8.2CVSS
8.1AI Score
0.003EPSS
8.8CVSS
8.7AI Score
0.028EPSS
7.5CVSS
7.5AI Score
0.808EPSS
6.1CVSS
6.2AI Score
0.011EPSS
10CVSS
9.4AI Score
0.216EPSS
9.8CVSS
9.4AI Score
0.002EPSS
9.8CVSS
9.3AI Score
0.002EPSS
9.8CVSS
9.4AI Score
0.483EPSS
8.8CVSS
8.7AI Score
0.005EPSS
8.8CVSS
8.7AI Score
0.094EPSS
9.8CVSS
9.4AI Score
0.002EPSS
9.8CVSS
9.6AI Score
0.164EPSS
9.8CVSS
9.4AI Score
0.002EPSS
A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated...
9.8CVSS
9.7AI Score
0.003EPSS