What is CVE-2022-31798?

CVE-2022-31798 is a vulnerability in N/a. Published 2022-08-25.

Is CVE-2022-31798 known to be exploited?

13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-31798

Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user a…

EPSS: 0.866 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

omarhashem123/CVE-2022-31798
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
SYRTI/POC_
WhooAmii/POC_
k0mi-tg/CVE-POC
ARPSyndicate/cve-scores
manas3c/CVE-POC
nomi-sec/PoC-in-GitHub
whoforget/CVE-POC

References

eg.linkedin.com/in/omar-1-hashem (x_refsource_MISC)
packetstormsecurity.com/files/167992/Nortek-Linear-eMerge-E3-Series-Account-Tak… (x_refsource_MISC)
gist.github.com/omarhashem123/bccdcec70ab7e8f00519d56ea2e3fd79 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-31798?: CVE-2022-31798 is a vulnerability in N/a. Published 2022-08-25.
Is CVE-2022-31798 known to be exploited?: 13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.