Emerge E3 Security Vulnerabilities

CVE-2022-42710

Nice (formerly Nortek) Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e devices are vulnerable to Stored Cross-Site Scripting...

CVE-2022-38627

Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a SQL injection vulnerability via the idt...

CVE-2022-46381

Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and...

CVE-2022-38628

Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a cross-site scripting (XSS) vulnerability which is chained with a local session fixation. This vulnerability allows attackers to escalate privileges via unspecified...

CVE-2022-31798

Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user...

CVE-2022-31499

Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for...

CVE-2022-31269

Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been...

CVE-2019-7256

Linear eMerge E3-Series devices allow Command...

CVE-2019-7258

Linear eMerge E3-Series devices allow Privilege...

CVE-2019-7254

Linear eMerge E3-Series devices allow File...

CVE-2019-7255

Linear eMerge E3-Series devices allow...

CVE-2019-7257

Linear eMerge E3-Series devices allow Unrestricted File...

CVE-2019-7253

Linear eMerge E3-Series devices allow Directory...

CVE-2019-7252

Linear eMerge E3-Series devices have Default...

CVE-2019-7260

Linear eMerge E3-Series devices have Cleartext Credentials in a...

CVE-2019-7261

Linear eMerge E3-Series devices have Hard-coded...

CVE-2019-7262

Linear eMerge E3-Series devices allow Cross-Site Request Forgery...

CVE-2019-7259

Linear eMerge E3-Series devices allow Authorization Bypass with Information...

CVE-2019-7264

Linear eMerge E3-Series devices allow a Stack-based Buffer Overflow on the ARM...

CVE-2019-7265

Linear eMerge E3-Series devices allow Remote Code Execution (root access over...

CVE-2019-7263

Linear eMerge E3-Series devices have a Version Control...

CVE-2018-5439

A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated...