CVE-2022-31798

Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:nortekcontrol:emerge_e3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:nortekcontrol:emerge_e3:-:*:*:*:*:*:*:*

History

08 Aug 2023, 14:21

Type Values Removed Values Added
CWE CWE-79 CWE-384

02 Sep 2022, 20:25

Type Values Removed Values Added
CPE cpe:2.3:o:nortekcontrol:emerge_e3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:nortekcontrol:emerge_e3:-:*:*:*:*:*:*:*
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
References (MISC) https://eg.linkedin.com/in/omar-1-hashem - (MISC) https://eg.linkedin.com/in/omar-1-hashem - Not Applicable
References (MISC) http://packetstormsecurity.com/files/167992/Nortek-Linear-eMerge-E3-Series-Account-Takeover.html - (MISC) http://packetstormsecurity.com/files/167992/Nortek-Linear-eMerge-E3-Series-Account-Takeover.html - Third Party Advisory, VDB Entry
References (MISC) https://gist.github.com/omarhashem123/bccdcec70ab7e8f00519d56ea2e3fd79 - (MISC) https://gist.github.com/omarhashem123/bccdcec70ab7e8f00519d56ea2e3fd79 - Third Party Advisory

25 Aug 2022, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-08-25 23:15

Updated : 2024-02-04 22:51


NVD link : CVE-2022-31798

Mitre link : CVE-2022-31798

CVE.ORG link : CVE-2022-31798


JSON object : View

Products Affected

nortekcontrol

  • emerge_e3
  • emerge_e3_firmware
CWE
CWE-384

Session Fixation