CVE-2022-31798

MEDIUM NUCLEI

Nortek Linear eMerge E3-Series < 0.32-07p - Cross-Site Scripting and Session Fixation via CardFormatNo Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-31798. PoCs published by omarhashem123. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository contains only a README.md file describing CVE-2022-31798 as an account takeover vulnerability in Nortek Linear eMerge E3-Series. No exploit code or technical details are provided.

Description

Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account.

Exploits (1)

nomisec WRITEUP 1 stars
by omarhashem123 · poc
https://github.com/omarhashem123/CVE-2022-31798

The repository contains only a README.md file describing CVE-2022-31798 as an account takeover vulnerability in Nortek Linear eMerge E3-Series. No exploit code or technical details are provided.

Classification
Writeup 30%
Attack Type
Auth Bypass
Complexity
Theoretical
Reliability
Theoretical
Target: Nortek Linear eMerge E3-Series
No auth needed
Prerequisites: access to the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Nortek Linear eMerge E3-Series - Cross-Site Scripting
MEDIUMVERIFIEDby ritikchaddha
Shodan: http.title:"eMerge" || http.title:"emerge" || http.title:"linear emerge"
FOFA: title="emerge" || title="linear emerge"

References (3)

Core 3
Core References
Not Applicable x_refsource_misc
https://eg.linkedin.com/in/omar-1-hashem

Scores

CVSS v3 6.1
EPSS 0.0641
EPSS Percentile 92.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-384
Status published
Products (1)
nortekcontrol/emerge_e3_firmware < 0.32-07p
Published Aug 25, 2022
Tracked Since Feb 18, 2026