CVE-2022-31499

CRITICAL EXPLOITED IN THE WILD NUCLEI

Nortek Linear eMerge E3-Series <0.32-08f - Command Injection

Title source: llm

Description

Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256.

Exploits (1)

nomisec WRITEUP 1 stars

by omarhashem123 · poc

https://github.com/omarhashem123/CVE-2022-31499

View Code ZIP pw:eip

Nuclei Templates (1)

Nortek Linear eMerge E3-Series <0.32-08f - Remote Command Injection

CRITICALVERIFIEDby pikpikcu

Shodan: title:"eMerge" || http.title:"emerge" || http.title:"linear emerge"

FOFA: title="emerge" || title="linear emerge"

References (3)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/167991/Nortek-Linear-eMerge-E3-Series-Command-Injection.html

[Not Applicable] https://eg.linkedin.com/in/omar-1-hashem

[Exploit, Third Party Advisory] https://gist.github.com/omarhashem123/5f0c6f1394099b555740fdc5c7651ee2

Scores

CVSS v3 9.8

EPSS 0.9325

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-01-12

InTheWild.io 2023-01-12

CWE

CWE-78

Status published

Products (1)

nortekcontrol/emerge_e3_firmware < 0.32-09c

Published Aug 25, 2022

Tracked Since Feb 18, 2026