Aggregates CVE and security vulnerability intelligence across all nortekcontrol-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk csrf, vendor risk cross-site scripting, and vendor risk memory corruption; exposure may include vendor impact memory corruption in vendor surface production workloads contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-31798 | Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account. | [email protected] | 6.1 | 86.61% | 2022-08-25 | 2024-11-21 |
| CVE-2022-31499 | Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256. | [email protected] | 9.8 | 93.25% | 2022-08-25 | 2024-11-21 |
| CVE-2022-31269 | Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.) | [email protected] | 8.2 | 81.01% | 2022-08-25 | 2024-11-21 |
| CVE-2019-7258 | Linear eMerge E3-Series devices allow Privilege Escalation. | [email protected] | 8.8 | 4.36% | 2019-07-02 | 2024-11-21 |
| CVE-2019-7257 | Linear eMerge E3-Series devices allow Unrestricted File Upload. | [email protected] | 10.0 | 36.50% | 2019-07-02 | 2024-11-21 |
| CVE-2019-7256 KEV | Linear eMerge E3-Series devices allow Command Injections. | [email protected] | 9.8 | 94.41% | 2019-07-02 | 2025-11-06 |
| CVE-2019-7255 | Linear eMerge E3-Series devices allow XSS. | [email protected] | 6.1 | 50.53% | 2019-07-02 | 2024-11-21 |
| CVE-2019-7254 | Linear eMerge E3-Series devices allow File Inclusion. | [email protected] | 7.5 | 90.62% | 2019-07-02 | 2024-11-21 |
| CVE-2019-7253 | Linear eMerge E3-Series devices allow Directory Traversal. | [email protected] | 9.8 | 0.65% | 2019-07-02 | 2024-11-21 |
| CVE-2019-7252 | Linear eMerge E3-Series devices have Default Credentials. | [email protected] | 9.8 | 0.40% | 2019-07-02 | 2024-11-21 |
| CVE-2019-7262 | Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF). | [email protected] | 8.8 | 38.32% | 2019-07-02 | 2024-11-21 |
| CVE-2019-7261 | Linear eMerge E3-Series devices have Hard-coded Credentials. | [email protected] | 9.8 | 0.94% | 2019-07-02 | 2024-11-21 |
| CVE-2019-7260 | Linear eMerge E3-Series devices have Cleartext Credentials in a Database. | [email protected] | 9.8 | 0.48% | 2019-07-02 | 2024-11-21 |
| CVE-2019-7259 | Linear eMerge E3-Series devices allow Authorization Bypass with Information Disclosure. | [email protected] | 8.8 | 0.11% | 2019-07-02 | 2024-11-21 |
| CVE-2019-7270 | Linear eMerge 50P/5000P devices allow Cross-Site Request Forgery (CSRF). | [email protected] | 8.8 | 0.15% | 2019-07-02 | 2024-11-21 |
| CVE-2019-7269 | Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution. | [email protected] | 9.8 | 44.24% | 2019-07-02 | 2024-11-21 |
| CVE-2019-7268 | Linear eMerge 50P/5000P devices allow Unauthenticated File Upload. | [email protected] | 10.0 | 0.73% | 2019-07-02 | 2024-11-21 |
| CVE-2019-7267 | Linear eMerge 50P/5000P devices allow Cookie Path Traversal. | [email protected] | 9.8 | 4.39% | 2019-07-02 | 2024-11-21 |
| CVE-2019-7266 | Linear eMerge 50P/5000P devices allow Authentication Bypass. | [email protected] | 9.8 | 3.69% | 2019-07-02 | 2024-11-21 |
| CVE-2019-7265 | Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH). | [email protected] | 9.8 | 40.98% | 2019-07-02 | 2024-11-21 |