CrowdSec
CrowdSec Score: 4/10

Nortek Linear eMerge E3-Series - RCE (CVE-2022-31499)

Published on 25-08-2022
First seen on 22-09-2025

484 exploiting IPs reported

Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256.

CrowdSec analysis

CVE-2022-31499 is a critical vulnerability in Nortek Linear eMerge E3-Series devices prior to version 0.32-08f, allowing unauthenticated attackers to inject operating system commands via the ReaderNo parameter. This flaw, stemming from an incomplete fix for a previous vulnerability (CVE-2019-7256), could enable remote attackers to execute arbitrary commands, potentially leading to full system compromise.

CrowdSec has been tracking this vulnerability and its exploits since the 5th of August 2025.

According to CrowdSec data, while opportunistic exploitation dominates, a portion of threat actors trying to exploit CVE-2022-31499 apply basic targeting methods such as port or service detection. This indicates emerging patterns of selective targeting. In addition, according to the CrowdSec network, attack volume against CVE-2022-31499 has dipped slightly compared to the previous week. Although still commonly targeted, the decline suggests a cooling-off period. Long-term relevance remains, but attention is waning.

Attackers exploit the ReaderNo parameter in /card_scan.php to inject shell commands, enabling remote code execution on Nortek Linear eMerge E3-Series devices.
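
A log-side check for the request pattern described above, as an added example rather than CrowdSec's own detection rule: it flags requests to /card_scan.php whose ReaderNo value is not a plain alphanumeric token. The access-log format, the allowlist pattern and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate ReaderNo values are short alphanumeric identifiers.
SAFE_READERNO = re.compile(r"[A-Za-z0-9]{1,16}")
# Common Log Format: ip ident user [time] "METHOD target PROTO" status ...
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Aug/2025:10:00:01 +0000] "GET /card_scan.php?ReaderNo=2 HTTP/1.1" 200 512',
    '198.51.100.7 - - [05/Aug/2025:10:00:05 +0000] "GET /card_scan.php?ReaderNo=2%3Bid HTTP/1.1" 200 512',
    '203.0.113.4 - - [05/Aug/2025:10:00:09 +0000] "GET /index.php?ReaderNo=2%3Bid HTTP/1.1" 404 0',
]

def suspicious_requests(log_lines):
    """Return (client_ip, decoded ReaderNo) for /card_scan.php requests
    whose ReaderNo value fails the allowlist."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a parseable access-log line
        ip, _method, target, _status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/card_scan.php"):
            continue
        # parse_qs percent-decodes values, so encoded metacharacters are seen.
        params = parse_qs(url.query, keep_blank_values=True)
        for key, values in params.items():
            if key.lower() != "readerno":
                continue
            for value in values:
                if not SAFE_READERNO.fullmatch(value):
                    hits.append((ip, value))
    return hits

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} sent non-conforming ReaderNo: {value!r}")
```

Access logs record only the query string, so a parameter sent in a request body needs the same allowlist applied at a reverse proxy or WAF.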

Protection

Blocklist

With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.

To increase your protection against this CVE, block exploitation attempts with this list of identified actors.