CVE-2022-31499
Published 2022-08-25
Priority: P189, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 64.83% (99.1th percentile)
Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nortekcontrol | emerge_e3_firmware | <= 0.32-09c | — |
Detection & IOCs
- Time-based detection: HTTP GET to /card_scan.php with backtick-wrapped OS command in ReaderNo parameter causes a measurable delay (>=7s response duration) indicating successful command injection.
- Shodan/FOFA/Google dork pivots to identify exposed eMerge devices: search for title 'eMerge', 'emerge', or 'linear emerge'.
- Exploitation requires no authentication (PR:N, UI:N); any unauthenticated HTTP GET to /card_scan.php with a crafted ReaderNo parameter is sufficient to trigger OS command injection.
- This vulnerability is an incomplete fix for CVE-2019-7256; devices patched for the earlier CVE may still be vulnerable if not updated to firmware >= 0.32-08f.
- Affected scope is Nortek Linear eMerge E3-Series firmware versions before 0.32-08f only; devices running 0.32-08f or later are not affected.
- Detection template uses a 15-second HTTP timeout and a 7-second sleep payload; network latency may affect time-based detection accuracy and produce false positives or negatives.
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck · 9.8 CRITICAL
GHSA
GHSA-jw4j-j3xr-4wff: Nortek Linear eMerge E3-Series devices before 0
ghsa_unreviewed·2022-08-26·CVSS 9.8
CVE-2022-31499 [CRITICAL] CWE-78 GHSA-jw4j-j3xr-4wff: Nortek Linear eMerge E3-Series devices before 0
VulnCheck
nortekcontrol emerge_e3_firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
vulncheck·2022·CVSS 9.8
CVE-2022-31499 [CRITICAL] nortekcontrol emerge_e3_firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Affected: nortekcontrol emerge_e3_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://web.archive.org/web/20230318134256/https://unit42.paloaltonetworks.com/network-security-trends-aug-oct-2022/; https://unit42.paloaltonetworks.com/mirai-variant-targets-iot-exploits/; https://app.crowdsec.net/cti/cve-explorer/CVE-2022-31499
No detection rules found.
Nuclei
Nortek Linear eMerge E3-Series <0.32-08f - Remote Command Injection
nuclei·CVSS 9.8
CVE-2022-31499 [CRITICAL] Nortek Linear eMerge E3-Series <0.32-08f - Remote Command Injection
Nortek Linear eMerge E3-Series =0.32-08f) to mitigate this vulnerability.
```yaml
reference:
  - https://packetstormsecurity.com/files/167991/Nortek-Linear-eMerge-E3-Series-Command-Injection.html
  - https://github.com/omarhashem123/CVE-2022-31499
  - http://packetstormsecurity.com/files/167991/Nortek-Linear-eMerge-E3-Series-Command-Injection.html
  - https://nvd.nist.gov/vuln/detail/CVE-2022-31499
  - https://eg.linkedin.com/in/omar-1-hashem
classification:
  cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  cvss-score: 9.8
  cve-id: CVE-2022-31499
  cwe-id: CWE-78
  epss-score: 0.93251
  epss-percentile: 0.99804
  cpe: cpe:2.3:o:nortekcontrol:emerge_e3_firmware:*:*:*:*:*:*:*:*
metadata:
  verified: true
  max-request: 1
  vendor: nortekcontrol
  product: emerge_e3_firmware
  shodan-query:
    - title:"eMerge"
    - http.title
```
Unit42
IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits
blogs_unit42·2023-06-22·CVSS 9.8
CVE-2019-12725 [CRITICAL] IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits
## Executive Summary
Since March 2023, Unit 42 researchers have observed threat actors leveraging several IoT vulnerabilities to spread a variant of the Mirai botnet. The vulnerabilities exploited include those listed in the following table:
| CVE/Product | Description |
|---|---|
| CVE-2019-12725 | Zeroshell Remote Command Execution Vulnerability |
| CVE-2019-17621 | D-Link DIR-859 Remote Command Injection Vulnerability |
| CVE-2019-20500 | D-Link DWL-2600AP Remote Command Execution Vulnerability |
| CVE-2021-25296 | Nagios XI Remote Command Injection Vulnerability |
| CVE-2021-46422 | Telesquare SDT-CW3B1 Router Command Injection Vulnerability |
| CVE-2022-27002 | Arris TR3300 Remote Command Injection Vulnerability |
| CVE-2022-29303 | SolarView Compact Command Injection Vulnerability |
| CVE-2022-30023 | Tenda HG9 Router Command Injectio |
## IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits
Authors: Chao Lei, Zhibin Zhang, Yiheng An, Cecilia Hu
Published: June 22, 2023
Tags: Trend Reports, Vulnerabilities, Botnet, CVE-2019-12725, CVE-2019-17621, CVE-2019-20500, CVE-2021-25296, CVE-2021-46422, CVE-2022-27002, CVE-2022-29303, CVE-2022-30023, CVE-2022-30525, CVE-2022-31499, CVE-2022-36266, CVE-2022-40005, CVE-2022-45699, CVE-2023-1389, CVE-2023-25280, CVE-2023-27240, IoT, IoT Security, Mirai
- http://packetstormsecurity.com/files/167991/Nortek-Linear-eMerge-E3-Series-Command-Injection.html
- https://eg.linkedin.com/in/omar-1-hashem
- https://gist.github.com/omarhashem123/5f0c6f1394099b555740fdc5c7651ee2