Approved changes feed: RSS · Atom

cpe:2.3:o:nortekcontrol:emerge_e3_firmware:*:*:*:*:*:*:*:*

part: o version: * update: *

VendorNortekcontrol (492280f9-cfba-5476-b39d-54205118b0c5)
ProductEmerge E3 Firmware (766b96c6-8ff4-5aa7-9ae8-743707138879)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-9441 vulnerable 2026-06-08 07:00:27.534646 Linear eMerge e3-Series Forgot Password Command Injection
CRITICAL (9.8)
The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP.
Published: 2024-10-02T18:50:10.938Z
Updated: 2024-10-02T19:08:03.687Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-31798 vulnerable 2026-06-08 05:44:42.278561 Details available
Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account.
Published: 2022-08-25T22:15:45.000Z
Updated: 2024-08-03T07:26:01.358Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-31499 vulnerable 2026-06-08 05:43:40.975445 Details available
Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256.
Published: 2022-08-25T22:09:38.000Z
Updated: 2024-08-03T07:19:06.090Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-31269 vulnerable 2026-06-08 05:43:40.684402 Details available
Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.)
Published: 2022-08-25T21:59:52.000Z
Updated: 2024-08-03T07:11:39.944Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-5439 vulnerable 2026-06-08 05:11:51.000887 Details available
A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges.
Published: 2018-02-19T18:00:00.000Z
Updated: 2024-08-05T05:33:44.375Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.