S4E

CVE-2022-31798 Scanner

Detects 'Cross-Site Scripting (XSS)' vulnerability in Nortek Linear eMerge E3-Series affects v. 0.32-07p.

Short Info


Level

Medium

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

29 days

Scan only one

URL

Toolbox

-

Nortek Linear eMerge E3-Series is a security access control system that is widely used for its reliability and efficiency. This product is designed to provide comprehensive security solutions for various premises, including corporate offices, warehouses, hospitals, schools, and other public institutions. The Nortek Linear eMerge E3-Series is known for its ability to support multiple cards and credentials, making it one of the most desirable access control systems on the market.

Recently, a security vulnerability, CVE-2022-31798, has been detected in the Nortek Linear eMerge E3-Series access control system. This vulnerability affects the system's /card_scan.php?CardFormatNo= endpoint and allows an attacker to exploit XSS (Cross-Site Scripting) with session fixation using the PHPSESSID. When these devices are chained together, this loophole in security can enable an attacker to take over an admin account or user account.

Exploiting the CVE-2022-31798 vulnerability can lead to severe consequences. Since an attacker can easily take control of the admin account or a user account, they can access all the confidential data and system logs. This vulnerability can give an attacker remote command execution access, allowing them to execute system-level commands and create new user accounts. If an attacker exploits this vulnerability, they can even disable the entire security access control that can put the entire facility at risk.

In conclusion, security vulnerabilities can pose significant risks to both individuals and organizations that rely on access control systems. Thanks to the pro feature of the s4e.io platform, users can easily and quickly learn about vulnerabilities in their digital assets. The platform provides timely security updates, effective notifications, and expert support, helping users protect their digital assets from security threats. Therefore, it is crucial to keep up with the security updates and best practices to mitigate potential threats and avoid security breaches.

 

REFERENCES

Get started to protecting your Free Full Security Scan