MidnightBSD

Advisories for niceforyou

CVE-2022-38627

Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a SQL injection vulnerability via the idt parameter.

Products Affected

Vendor Product Version
niceforyou linear_emerge_e3_access_control_firmware 0.32-08e
niceforyou linear_emerge_e3_access_control_firmware 0.32-08f
niceforyou linear_emerge_e3_access_control_firmware 0.32-09a
niceforyou linear_emerge_e3_access_control_firmware 0.32-09c
niceforyou linear_emerge_e3_access_control_firmware 0.32-07e
niceforyou linear_emerge_e3_access_control_firmware 0.32-07p

CVE-2022-38628

Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a cross-site scripting (XSS) vulnerability which is chained with a local session fixation. This vulnerability allows attackers to escalate privileges via unspecified vectors.

Products Affected

Vendor Product Version
niceforyou linear_emerge_e3_access_control_firmware 0.32-08e
niceforyou linear_emerge_e3_access_control_firmware 0.32-08f
niceforyou linear_emerge_e3_access_control_firmware 0.32-09b
niceforyou linear_emerge_e3_access_control_firmware 0.32-09a
niceforyou linear_emerge_e3_access_control_firmware 0.32-09c
niceforyou linear_emerge_e3_access_control_firmware 0.32-07e
niceforyou linear_emerge_e3_access_control_firmware 0.32-07p

CVE-2022-42710

Nice (formerly Nortek) Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e devices are vulnerable to Stored Cross-Site Scripting (XSS).

Products Affected

Vendor Product Version
niceforyou linear_emerge_e3_access_control_firmware 0.32-08e
niceforyou linear_emerge_e3_access_control_firmware 0.32-08f
niceforyou linear_emerge_e3_access_control_firmware 0.32-09a
niceforyou linear_emerge_e3_access_control_firmware 0.32-09c
niceforyou linear_emerge_e3_access_control_firmware 0.32-07e
niceforyou linear_emerge_e3_access_control_firmware 0.32-07p

CVE-2022-46381

Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.

Products Affected

Vendor Product Version
niceforyou linear_emerge_e3_access_control_firmware 0.32-08e
niceforyou linear_emerge_e3_access_control_firmware 0.32-08f
niceforyou linear_emerge_e3_access_control_firmware 0.32-09b
niceforyou linear_emerge_e3_access_control_firmware 0.32-09a
niceforyou linear_emerge_e3_access_control_firmware 0.32-09c
niceforyou linear_emerge_e3_access_control_firmware 0.32-07e
niceforyou linear_emerge_e3_access_control_firmware 0.32-07p

CVE-2025-25504

An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (in AV over IP products) v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with root privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
niceforyou gefen_webfwc 1.86v
niceforyou gefen_webfwc 1.85h
niceforyou gefen_webfwc 1.70v