CVE-2022-42710

moderate-risk

Published 2023-01-03

Nice (formerly Nortek) Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e devices are vulnerable to Stored Cross-Site Scripting (XSS).

Do I need to act?

-

0.26% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

5

CVSS 5.4/10 Medium

NETWORK / LOW complexity

Affected Products (6)

Linear Emerge E3 Access Control Firmware

Linear Emerge E3 Access Control Firmware

Linear Emerge E3 Access Control Firmware

Linear Emerge E3 Access Control Firmware

Linear Emerge E3 Access Control Firmware

Linear Emerge E3 Access Control Firmware

Affected Vendors

Niceforyou

References (2)

Exploit https://github.com/omarhashem123/Security-Research/blob/main/CVE-2022-42710/CVE-...

Exploit https://github.com/omarhashem123/Security-Research/blob/main/CVE-2022-42710/CVE-...

35

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 1/34 · Minimal

Exposure 13/34 · Low