Nortek Linear eMerge E3-Series Account Takeover

Nortek Linear eMerge E3-Series version 0.32-07p suffers from a vulnerability in which session fixation chained with cross-site scripting can allow account takeover.

SHA-256 | 6a30c71e741d3009dbaf81b18d14a4260f6043c44ce1ca7ff3fc8841c01a990e

# Exploit Title: Nortek Linear eMerge E3-Series - Account Take Over
# Exploit Author: Omar Hashim
# Version: 0.32-07p
# Vendor home page:
# Authentication Required: No
# CVE: CVE-2022-31798

# Description
There is a local session fixation flaw that, when chained with reflected
cross-site scripting, leads to account takeover of admin or less-privileged users.

# Proof Of Concept:
src=x onerror=alert(document.location)>
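
The two weaknesses this advisory chains, modelled generically from the defender's side as an added example (not the eMerge firmware's code and not from the exploit author): a login that keeps the pre-authentication session ID beside one that issues a fresh ID, plus output encoding for a reflected parameter. `SessionStore`, `login_fixable`, `login_hardened`, `reflect`, the page text and the sample session ID are assumptions invented for illustration.

```python
import html
import secrets


class SessionStore:
    """Toy server-side session table: session id -> authenticated user or None."""

    def __init__(self):
        self.sessions = {}

    def get_or_create(self, presented_id=None):
        # Weak behaviour: an unknown id supplied by the client is adopted as-is.
        sid = presented_id or secrets.token_urlsafe(32)
        self.sessions.setdefault(sid, None)
        return sid

    def login_fixable(self, presented_id, user):
        # The pre-login id is reused after authentication, so whoever set or
        # learned that id beforehand now shares an authenticated session.
        sid = self.get_or_create(presented_id)
        self.sessions[sid] = user
        return sid

    def login_hardened(self, presented_id, user):
        # Invalidate whatever id the client presented and issue a fresh one.
        self.sessions.pop(presented_id, None)
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = user
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid)


def reflect(value):
    # Encode reflected input so markup in a parameter is rendered as text.
    return "<p>You searched for: " + html.escape(value, quote=True) + "</p>"


def demo():
    preset = "constructed-preset-session-id"  # constructed sample value
    weak, strong = SessionStore(), SessionStore()
    weak.login_fixable(preset, "admin")
    fresh = strong.login_hardened(preset, "admin")
    # (owner of preset id on weak store, on hardened store, owner of fresh id)
    return weak.whoami(preset), strong.whoami(preset), strong.whoami(fresh)


if __name__ == "__main__":
    print(demo())
    print(reflect("src=x onerror=alert(document.location)>"))
```

Rotating the session ID at login removes the value of a pre-set ID, and encoding reflected input removes the script-injection step, so either fix alone breaks the chain described above.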
