Nortek Linear eMerge E3-Series - RCE (CVE-2022-31499)
484Exploiting IPs reported
Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256.
CrowdSec analysis
CVE-2022-31499 is a critical vulnerability in Nortek Linear eMerge E3-Series devices prior to version 0.32-08f, allowing unauthenticated attackers to inject operating system commands via the ReaderNo parameter. This flaw, stemming from an incomplete fix for a previous vulnerability (CVE-2019-7256), could enable remote attackers to execute arbitrary commands, potentially leading to full system compromise.
CrowdSec has been tracking this vulnerability and its exploits since 5th of August 2025.
According to CrowdSec data, while opportunistic exploitation dominates, a portion of threat actors trying to exploit CVE-2022-31499 apply basic targeting methods such as port or service detection. This indicates emerging patterns of selective targeting. In addition, according to the CrowdSec network, attack volume against CVE-2022-31499 has dipped slightly compared to the previous week. Although still commonly targeted, the decline suggests a cooling-off period. Long-term relevance remains, but attention is waning.
Attackers exploit the ReaderNo
parameter in /card_scan.php
to inject shell commands, enabling remote code execution on Nortek Linear eMerge E3-Series devices.
Exploitation
Get real-time information about exploitation attempts and actors involved.
Common Weakness Enumeration (CWE)
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.