CVE-2024-9441 – Linear eMerge e3-Series Forgot Password Command Injection
https://notcve.org/view.php?id=CVE-2024-9441
02 Oct 2024 — The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP. Linear eMerge e3-Series versions through 1.00-07 suffer from a remote command execution vulnerability. This script tests for it. • https://packetstorm.news/files/id/183056 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-31798 – Nortek Linear eMerge E3-Series Account Takeover
https://notcve.org/view.php?id=CVE-2022-31798
08 Aug 2022 — Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account. • https://github.com/omarhashem123/CVE-2022-31798 • CWE-384: Session Fixation
CVE-2022-31499 – Nortek Linear eMerge E3-Series Command Injection
https://notcve.org/view.php?id=CVE-2022-31499
08 Aug 2022 — Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256. Nortek Linear eMerge E3-Series version 0.32-09c ... • https://github.com/omarhashem123/CVE-2022-31499 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-31269 – Nortek Linear eMerge E3-Series Credential Disclosure
https://notcve.org/view.php?id=CVE-2022-31269
08 Aug 2022 — Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.) • https://github.com/omarhashem123/CVE-2022-31269 • CWE-798: Use of Hard-coded Credentials
CVE-2019-7252
https://notcve.org/view.php?id=CVE-2019-7252
02 Jul 2019 — Linear eMerge E3-Series devices have Default Credentials. • https://applied-risk.com/labs/advisories • CWE-1188: Initialization of a Resource with an Insecure Default
CVE-2019-7253
https://notcve.org/view.php?id=CVE-2019-7253
02 Jul 2019 — Linear eMerge E3-Series devices allow Directory Traversal. • https://applied-risk.com/labs/advisories • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-7254 – eMerge E3 1.00-06 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-7254
02 Jul 2019 — Linear eMerge E3-Series devices allow File Inclusion. Linear eMerge E3 versions 1.00-06 and below suffer from file disclosure and traversal vulnerabilities. • https://packetstorm.news/files/id/155252 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-7255 – eMerge E3 1.00-06 - 'layout' Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-7255
02 Jul 2019 — Linear eMerge E3-Series devices allow XSS. Linear eMerge E3 versions 1.00-06 and below suffer from a reflective cross site scripting vulnerability. • https://packetstorm.news/files/id/155253 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-7257 – eMerge E3 1.00-06 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2019-7257
02 Jul 2019 — Linear eMerge E3-Series devices allow Unrestricted File Upload. • https://packetstorm.news/files/id/155254 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2019-7258 – Linear eMerge E3 1.00-06 Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-7258
02 Jul 2019 — Linear eMerge E3-Series devices allow Privilege Escalation. Linear eMerge E3 versions 1.00-06 and below suffer from a privilege escalation vulnerability. • https://packetstorm.news/files/id/155260 • CWE-863: Incorrect Authorization