What is CVE-2022-31499?

CVE-2022-31499 is a vulnerability in N/a. Published 2022-08-25.

Is CVE-2022-31499 known to be exploited?

12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-31499

Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256.

EPSS: 0.933 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

omarhashem123/CVE-2022-31499
ARPSyndicate/kenzer-templates
SYRTI/POC_
WhooAmii/POC_
k0mi-tg/CVE-POC
karimhabush/cyberowl
ARPSyndicate/cvemon
nomi-sec/PoC-in-GitHub
whoforget/CVE-POC
youwizard/CVE-POC

References

eg.linkedin.com/in/omar-1-hashem (x_refsource_MISC)
packetstormsecurity.com/files/167991/Nortek-Linear-eMerge-E3-Series-Command-Inj… (x_refsource_MISC)
gist.github.com/omarhashem123/5f0c6f1394099b555740fdc5c7651ee2 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-31499?: CVE-2022-31499 is a vulnerability in N/a. Published 2022-08-25.
Is CVE-2022-31499 known to be exploited?: 12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.