
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 6

02 Oct 2024 — The Linear eMerge e3-Series through version 1.00-07 is vulnerable to OS command injection. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP. Linear eMerge e3-Series versions through 1.00-07 suffer from a remote command execution vulnerability. This script tests for it. • https://packetstorm.news/files/id/183056 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 6.4 • EPSS: 0% • CPEs: 2 • EXPL: 1

08 Aug 2022 — Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account. • https://github.com/omarhashem123/CVE-2022-31798 • CWE-384: Session Fixation

CVSS: 10.0 • EPSS: 75% • CPEs: 2 • EXPL: 3

08 Aug 2022 — Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256. Nortek Linear eMerge E3-Series version 0.32-09c ... • https://github.com/omarhashem123/CVE-2022-31499 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 8.5 • EPSS: 9% • CPEs: 2 • EXPL: 4

08 Aug 2022 — Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.) • https://github.com/omarhashem123/CVE-2022-31269 • CWE-798: Use of Hard-coded Credentials

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

19 Feb 2018 — A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges. • https://ics-cert.us-cert.gov/advisories/ICSA-18-046-01 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')