Vulnerabilities > Nortekcontrol > Linear Emerge 5000P Firmware

DATE CVE VULNERABILITY TITLE RISK
2019-07-02 CVE-2019-7270 Cross-Site Request Forgery (CSRF) vulnerability in Nortekcontrol products
Linear eMerge 50P/5000P devices allow Cross-Site Request Forgery (CSRF).
network
low complexity
nortekcontrol CWE-352
8.8
8.8
2019-07-02 CVE-2019-7269 OS Command Injection vulnerability in Nortekcontrol products
Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution.
network
low complexity
nortekcontrol CWE-78
critical
 9.8
9.8
2019-07-02 CVE-2019-7268 Unrestricted Upload of File with Dangerous Type vulnerability in Nortekcontrol products
Linear eMerge 50P/5000P devices allow Unauthenticated File Upload.
network
low complexity
nortekcontrol CWE-434
critical
 10.0
10
2019-07-02 CVE-2019-7267 Path Traversal vulnerability in Nortekcontrol products
Linear eMerge 50P/5000P devices allow Cookie Path Traversal.
network
low complexity
nortekcontrol CWE-22
critical
 9.8
9.8
2019-07-02 CVE-2019-7266 Reliance on Cookies without Validation and Integrity Checking vulnerability in Nortekcontrol products
Linear eMerge 50P/5000P devices allow Authentication Bypass.
network
low complexity
nortekcontrol CWE-565
critical
 9.8
9.8
2019-07-01 CVE-2019-7271 Insufficiently Protected Credentials vulnerability in Nortekcontrol products
Nortek Linear eMerge 50P/5000P devices have Default Credentials.
network
low complexity
nortekcontrol CWE-522
critical
 9.8
9.8