Nortek Linear eMerge E3-Series - Cross-Site Scripting

There is a local session fixation vulnerability that, when chained with cross-site scripting, leads to account take over of admin or a lower privileged user. id: CVE-2022-31798 info: name: Nortek Linear eMerge E3-Series - Cross-Site Scripting author: ritikchaddha severity: medium description: |...

Linear eMerge E3-Series - Information Disclosure

Linear eMerge E3-Series devices are susceptible to information disclosure. Admin credentials are stored in clear text at the endpoint /test.txt in situations where the default admin credentials have been changed. An attacker can obtain admin credentials, access the admin dashboard, control buildi...

Nortek Linear eMerge E3-Series <0.32-08f - Remote Command Injection

Nortek Linear eMerge E3-Series devices before 0.32-08f are susceptible to remote command injection via ReaderNo. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. NOTE: this...

eMerge E3 1.00-06 - Local File Inclusion

Linear eMerge E3-Series devices are vulnerable to local file inclusion. id: CVE-2019-7254 info: name: eMerge E3 1.00-06 - Local File Inclusion author: 0xAkoko severity: high description: Linear eMerge E3-Series devices are vulnerable to local file inclusion. impact: | Successful exploitation of...

eMerge E3 1.00-06 - Remote Code Execution

Linear eMerge E3-Series devices are susceptible to remote code execution vulnerabilities. id: CVE-2019-7256 info: name: eMerge E3 1.00-06 - Remote Code Execution author: pikpikcu severity: critical description: | Linear eMerge E3-Series devices are susceptible to remote code execution...