Path traversal

Linear eMerge 50P/5000P devices allow Cookie Path Traversal...

Remote code execution

Linear eMerge E3-Series devices allow Remote Code Execution root access over SSH...

Cross site request forgery (csrf)

Linear eMerge 50P/5000P devices allow Cross-Site Request Forgery CSRF...

Design/Logic Flaw

Linear eMerge E3-Series devices have a Version Control Failure...

Unrestricted file upload

Linear eMerge 50P/5000P devices allow Unauthenticated File Upload...

CVE-2019-7259

Linear eMerge E3-Series devices allow Authorization Bypass with Information Disclosure...

CVE-2019-7259

CVE-2019-7259 affects Nice Linear eMerge E3-Series (firmware 1.00-06 and prior). The vulnerability allows an authorization bypass via a specific GET request, causing disclosure of administrative credentials and full control of the control interface. The issue is part of a broader set of flaws in ...

CVE-2019-7260

Linear eMerge E3-Series devices have Cleartext Credentials in a Database...

CVE-2019-7260

CVE-2019-7260 affects Nice Linear eMerge E3-Series firmware 1.00-06 and prior. The vulnerability is insufficiently protected credentials: passwords stored in plaintext in the device’s database, enabling an attacker to obtain admin credentials and compromise the control interface. Reported CVSS v3...

CVE-2019-7261

Linear eMerge E3-Series devices have Hard-coded Credentials...

CVE-2019-7261

The CVE-2019-7261 entry affects Nice/Nortek Linear eMerge E3-Series devices (firmware 1.00-06 and earlier). The root cause is hard-coded credentials, including SSH access to root with embedded credentials, enabling full system compromise. Impact described across sources: remote access with high c...

CVE-2019-7262

CVE-2019-7262 affects Nice Linear eMerge E3-Series devices (firmware 1.00-06 and prior). The vulnerability is Cross-Site Request Forgery (CSRF) in the device’s web interface, caused by insufficient validation of requests from trusted users, enabling an attacker to perform actions with administrat...

CVE-2019-7262

Linear eMerge E3-Series devices allow Cross-Site Request Forgery CSRF...

CVE-2019-7263

CVE-2019-7263 affects Linear eMerge E3-Series devices and is described as a Version Control Failure. Connected sources corroborate the affected product and nature of the issue. The NVD entry assigns a high/critical impact profile (CVSSv3: 9.8) with network attack vector, no authentication/privile...

CVE-2019-7263

Linear eMerge E3-Series devices have a Version Control Failure...

CVE-2019-7264

Linear eMerge E3-Series devices allow a Stack-based Buffer Overflow on the ARM platform...

CVE-2019-7264

CVE-2019-7264 affects Nice Linear eMerge E3-Series devices. The vulnerability is a stack-based buffer overflow in multiple CGI binaries on firmware versions 1.00-06 and prior, caused by a boundary error in processing user input. Impacted devices could allow an attacker to execute arbitrary code o...

CVE-2019-7265

Linear eMerge E3-Series devices allow Remote Code Execution root access over SSH...

CVE-2019-7265

CVE-2019-7265 affects Nice Linear eMerge E3-Series devices (firmware 1.00-06 and earlier). The root cause is SSH access with hardcoded credentials, enabling remote code execution with root privileges. Public exploit code exists (Metasploit/Exploit-DB entries) demonstrating remote access. Impact i...

CVE-2019-7266

Summary (CVE-2019-7266) : The Linear eMerge 50P/5000P access-control system contains an authentication bypass vulnerability (Improper Authentication, CWE-287) affecting versions up to 4.6.07 (revision 79330) and earlier. Exploitation could allow a remote attacker to bypass login checks and gain u...