NortekcontrolCVEs & Vulnerabilities

24 CVEs affecting Nortekcontrol products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

linear emerge essential firmware 14linear emerge essential 14linear emerge elite 14linear emerge elite firmware 14linear emerge 50p firmware 6linear emerge 5000p 6linear emerge 5000p firmware 6linear emerge 50p 6
CVE-2022-31499KEVCRITICALin the wild

Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256.

11 Apr 2026
9.8
CVSS
CVE-2019-7256KEVCRITICALin the wild

Linear eMerge E3-Series devices allow Command Injections.

25 Mar 2024
9.8
CVSS
CVE-2022-31798MEDIUM

Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account.

26 Aug 2022
6.1
CVSS
CVE-2022-31269HIGH

Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.)

26 Aug 2022
8.2
CVSS
CVE-2019-7258HIGH

Linear eMerge E3-Series devices allow Privilege Escalation.

2 Jul 2019
8.8
CVSS
CVE-2019-7257CRITICALpoc

Linear eMerge E3-Series devices allow Unrestricted File Upload.

2 Jul 2019
10.0
CVSS
CVE-2019-7255MEDIUMpoc

Linear eMerge E3-Series devices allow XSS.

2 Jul 2019
6.1
CVSS
CVE-2019-7254HIGHpoc

Linear eMerge E3-Series devices allow File Inclusion.

2 Jul 2019
7.5
CVSS
CVE-2019-7253CRITICAL

Linear eMerge E3-Series devices allow Directory Traversal.

2 Jul 2019
9.8
CVSS
CVE-2019-7252CRITICAL

Linear eMerge E3-Series devices have Default Credentials.

2 Jul 2019
9.8
CVSS
CVE-2019-7262HIGHpoc

Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF).

2 Jul 2019
8.8
CVSS
CVE-2019-7261CRITICAL

Linear eMerge E3-Series devices have Hard-coded Credentials.

2 Jul 2019
9.8
CVSS
CVE-2019-7260CRITICAL

Linear eMerge E3-Series devices have Cleartext Credentials in a Database.

2 Jul 2019
9.8
CVSS
CVE-2019-7259HIGH

Linear eMerge E3-Series devices allow Authorization Bypass with Information Disclosure.

2 Jul 2019
8.8
CVSS
CVE-2019-7270HIGH

Linear eMerge 50P/5000P devices allow Cross-Site Request Forgery (CSRF).

2 Jul 2019
8.8
CVSS
CVE-2019-7269CRITICALpoc

Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution.

2 Jul 2019
9.8
CVSS
CVE-2019-7268CRITICAL

Linear eMerge 50P/5000P devices allow Unauthenticated File Upload.

2 Jul 2019
10.0
CVSS
CVE-2019-7267CRITICAL

Linear eMerge 50P/5000P devices allow Cookie Path Traversal.

2 Jul 2019
9.8
CVSS
CVE-2019-7266CRITICAL

Linear eMerge 50P/5000P devices allow Authentication Bypass.

2 Jul 2019
9.8
CVSS
CVE-2019-7265CRITICALpoc

Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH).

2 Jul 2019
9.8
CVSS
CVE-2019-7264CRITICAL

Linear eMerge E3-Series devices allow a Stack-based Buffer Overflow on the ARM platform.

2 Jul 2019
9.8
CVSS
CVE-2019-7263CRITICAL

Linear eMerge E3-Series devices have a Version Control Failure.

2 Jul 2019
9.8
CVSS
CVE-2019-7271CRITICAL

Nortek Linear eMerge 50P/5000P devices have Default Credentials.

2 Jul 2019
9.8
CVSS
CVE-2018-5439CRITICAL

A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges.

19 Feb 2018
9.8
CVSS
← PrevPage 1 / 1Next →