Lucene search

[email protected]CVE-2022-31269

HistoryAug 25, 2022 - 10:15 p.m.

CVE-2022-31269

2022-08-2522:15:08

CWE-798

[email protected]

web.nvd.nist.gov

nortek

linear

emerge

e3-series

cve-2022-31269

security

access control

unauthorized access

credentials

vulnerability

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

8.1 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.9%

JSON

Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building’s doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.)

Affected configurations

NVD

Node

nortekcontrolemerge_e3_firmwareRange≤0.32-09c

AND

nortekcontrolemerge_e3Match-

CPENameOperatorVersion
nortekcontrol:emerge_e3_firmwarenortekcontrol emerge e3 firmwarele0.32-09c

CPE	Name	Operator	Version
nortekcontrol:emerge_e3_firmware	nortekcontrol emerge e3 firmware	le	0.32-09c

References

packetstormsecurity.com/files/167990/Nortek-Linear-eMerge-E3-Series-Credential-Disclosure.html

eg.linkedin.com/in/omar-1-hashem

gist.github.com/omarhashem123/71ec9223e90ea76a76096d777d9b945c

www.nortekcontrol.com/access-control/

Social References

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

8.1 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.9%

JSON

Related for CVE-2022-31269

cvelist2 nvd2 prion2 nuclei1 githubexploit1 packetstorm1 zdt1 cve1