omarhashem123

3 exploits Active since Aug 2022
CVE-2022-31269 NOMISEC HIGH WRITEUP
Nortek Linear eMerge E3-Series <0.32-09c - Info Disclosure
Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.)
1 stars
CVSS 8.2
CVE-2022-31499 NOMISEC CRITICAL WRITEUP
Nortek Linear eMerge E3-Series <0.32-08f - Command Injection
Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256.
1 stars
CVSS 9.8
CVE-2022-31798 NOMISEC MEDIUM WRITEUP
Nortekcontrol Emerge E3 Firmware < 0.32-07p - XSS
Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account.
1 stars
CVSS 6.1