Searching vulnerabilities affecting “nortekcontrol”
24 vulnerabilities found for “nortekcontrol”
Page 1 of 2
Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account.
Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.)
Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256.
Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF).
Linear eMerge E3-Series devices allow a Stack-based Buffer Overflow on the ARM platform.
Linear eMerge E3-Series devices allow Directory Traversal.
Linear eMerge E3-Series devices have Hard-coded Credentials.
Linear eMerge E3-Series devices have Default Credentials.
Linear eMerge E3-Series devices allow Unrestricted File Upload.
Linear eMerge E3-Series devices allow Authorization Bypass with Information Disclosure.
Linear eMerge 50P/5000P devices allow Authentication Bypass.
Linear eMerge E3-Series devices allow XSS.
Linear eMerge E3-Series devices have a Version Control Failure.
Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH).
Linear eMerge E3-Series devices allow File Inclusion.
Linear eMerge E3-Series devices have Cleartext Credentials in a Database.
Linear eMerge E3-Series devices allow Privilege Escalation.
Linear eMerge E3-Series devices allow Command Injections.
Nortek Linear eMerge 50P/5000P devices have Default Credentials.
A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges.