Hub Appsec rule

More info

vpatch-CVE-2022-31499 AppSec Rule

« vpatch-CVE-2022-31499 »
v0.1 by crowdsecurity
AppSec rule

Detects remote command injection in Nortek Linear eMerge E3-Series via ReaderNo parameter.

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2022-31499

YAML Configuration

1## autogenerated on 2025-08-07 14:40:55
2name: crowdsecurity/vpatch-CVE-2022-31499
3description: 'Detects remote command injection in Nortek Linear eMerge E3-Series via ReaderNo parameter.'
4rules:
5  - and:
6      - zones:
7          - URI
8        transform:
9          - lowercase
10        match:
11          type: contains
12          value: /card_scan.php
13      - zones:
14          - ARGS
15        variables:
16          - readerno
17        transform:
18          - lowercase
19          - urldecode
20        match:
21          type: contains
22          value: '`'
23
24labels:
25  type: exploit
26  service: http
27  confidence: 3
28  spoofable: 0
29  behavior: 'http:exploit'
30  label: 'Nortek Linear eMerge E3-Series - RCE'
31  classification:
32    - cve.CVE-2022-31499
33    - attack.T1190
34    - cwe.CWE-78
35

Hub Appsec rule

« vpatch-CVE-2022-31499 »v0.1 by crowdsecurityAppSec rule

« vpatch-CVE-2022-31499 »
v0.1 by crowdsecurity
AppSec rule