Omarhashem123

**Name of the Vulnerable Software and Affected Versions** Linear eMerge E3-Series versions 0.32-07e through 0.32-09c **Description** The issue affects certain Linear eMerge E3-Series devices, where they are vulnerable to XSS via the `type` parameter, specifically in the badging/badge template v0.php component. **Recommendations** For versions 0.32-07e through 0.32-09c, as a temporary workaround, consider restricting access to the badging/badge template v0.php component until a patch is available. Avoid using the `type` parameter in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nortek Linear eMerge E3-Series devices versions 0.32-09c and earlier **Description** The issue allows an attacker to obtain admin credentials stored in /test.txt, which can be used to open a building's doors. This occurs even when default credentials have been changed. **Recommendations** For versions 0.32-09c and earlier, remove or restrict access to the /test.txt file to prevent exposure of admin credentials. Consider changing admin credentials and limiting access to the device to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Nortek Linear eMerge E3-Series devices versions prior to 0.32-08f **Description** The issue allows an unauthenticated attacker to inject OS commands via the `ReaderNo` variable. This is due to an incomplete fix for a previously known issue. **Recommendations** For versions prior to 0.32-08f, update to version 0.32-08f or later to resolve the issue. As a temporary workaround, consider restricting access to the `ReaderNo` variable to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Nortek Linear eMerge E3-Series version 0.32-07p **Description** The issue allows an attacker to take over an admin account or a user account through a combination of XSS and session fixation via the `PHPSESSID` when devices are chained together. This is exploited through the "/card scan.php?CardFormatNo=" endpoint, allowing for session fixation. **Recommendations** For Nortek Linear eMerge E3-Series version 0.32-07p, consider disabling access to the "/card scan.php?CardFormatNo=" endpoint until a patch is available to prevent XSS and session fixation attacks. Additionally, restrict the use of the `PHPSESSID` to minimize the risk of session fixation.