Linear eMerge E3 - Cross-Site Scripting

Linear eMerge E3-Series devices are vulnerable to cross-site scripting via the 'layout' parameter. id: CVE-2019-7255 info: name: Linear eMerge E3 - Cross-Site Scripting author: arafatansari severity: medium description: | Linear eMerge E3-Series devices are vulnerable to cross-site scripting via...

Nortek Linear eMerge E3-Series - Cross-Site Scripting

There is a local session fixation vulnerability that, when chained with cross-site scripting, leads to account take over of admin or a lower privileged user. id: CVE-2022-31798 info: name: Nortek Linear eMerge E3-Series - Cross-Site Scripting author: ritikchaddha severity: medium description: |...

Nortek Linear eMerge E3-Series - SQL Injection

Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a SQL injection vulnerability via the idt parameter. id: CVE-2022-38627 info: name: Nortek Linear eMerge E3-Series - SQL Injection author: daffainfo,omarhashem666...

CVE-2022-38628

Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a cross-site scripting XSS vulnerability which is chained with a local session fixation. This vulnerability allows attackers to escalate privileges via unspecified...

CVE-2022-31269

Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. This occurs in situations where the CVE-2019-7271 default credentials have been changed...

CVE-2022-31798

Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /cardscan.php?CardFormatNo= XSS with session fixation via PHPSESSID when they are chained together. This would allow an attacker to take over an admin account or a user account...

CVE-2019-7271

Nortek Linear eMerge 50P/5000P devices have Default Credentials...

EUVD-2018-17209

Malware in sbrugna...

EUVD-2019-16815

Malware in sbrugna...

EUVD-2022-41205

Malicious code in bioql PyPI...

VulnCheck KEV: CVE-2022-38627

Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a SQL injection vulnerability via the idt parameter...

CVE-2022-31499

Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256...

Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems

Cybersecurity researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system OS commands. The flaw, assigned the CVE identifier CVE-2024-9441, carries a CVSS score of 9.8 out of a maximum...

Exploit for CVE-2024-9441

Nortek Linear eMerge E3 Pre-Auth RCE PoC CVE-2024-9441...

Nortek Control Linear eMerge E3-Series 安全漏洞

The Nortek Control Linear eMerge E3-Series is an access control from Nortek Control USA. It allows you to specify which doors a person can use to enter and exit a specified location at a specified time. A security vulnerability exists in Nortek Control Linear eMerge E3-Series version 1.00-07 and...

Nortek Linear eMerge E3-Series < 0.32-08f Command Injection

Nortek Linear eMerge E3-Series versions prior to 0.32-08f is affected by a vulnerability allowing an unauthenticated attacker to execute remote commands via a specially forged request. No source data...

Nortek Linear eMerge Detection

Binary data linearemergedetect.nbin...

Nortek Default SSH Credentials

The remote device is a Nortek device that uses a set of known, default credentials. An attacker who is able to connect to the service can use these credentials to gain control of the device. %NASLMINLEVEL 80900 C Tenable Network Security, Inc. include"compat.inc"; if description scriptid175106;...

VulnCheck KEV: CVE-2022-31499

Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256...

CVE-2022-38627

Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a SQL injection vulnerability via the idt parameter...