Skip to main content

Emerge E3 Firmware

4 CVEs product

Monthly

CVE-2022-31798 MEDIUM POC This Month

Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation XSS PHP Emerge E3 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
6.7%
CVE-2022-31499 CRITICAL POC THREAT Act Now

Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Emerge E3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
64.6%
CVE-2022-31269 HIGH POC This Week

Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Emerge E3 Firmware
NVD GitHub
CVSS 3.1
8.2
EPSS
5.1%
CVE-2018-5439 CRITICAL Act Now

A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Emerge E3 Firmware
NVD
CVSS 3.0
9.8
EPSS
4.2%
EPSS 7% CVSS 6.1
MEDIUM POC This Month

Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation XSS PHP +1
NVD GitHub
EPSS 65% CVSS 9.8
CRITICAL POC THREAT Act Now

Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Emerge E3 Firmware
NVD GitHub
EPSS 5% CVSS 8.2
HIGH POC This Week

Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Emerge E3 Firmware
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL Act Now

A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Emerge E3 Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy