CVE-2022-31269
Published 2022-08-25
Priority: P2 · 61 · high · 8.2 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
EXPLOIT
EPSS: 5.05% (91.2th percentile)
Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.)
Affected: 1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nortekcontrol | emerge_e3_firmware | <= 0.32-09c | — |
Detection & IOCs
- regex (other): Password='(.+?)'
- words (yara): ['ID=', 'Password='] (condition: and, HTTP 200, Content-Type: text/plain) on path /test.txt
- Send an unauthenticated HTTP GET request to /test.txt on the target device; a vulnerable device returns HTTP 200 with Content-Type: text/plain containing cleartext credentials in the form ID=... Password='...'
- Shodan queries 'http.title:"Linear eMerge"', 'http.title:"emerge"', and 'http.title:"linear emerge"' can be used to identify internet-exposed devices susceptible to this vulnerability.
- FOFA queries 'title="emerge"' and 'title="linear emerge"' can identify exposed Linear eMerge E3-Series devices.
- Google dorks 'intitle:"linear emerge"' and 'intitle:"emerge"' can surface publicly indexed vulnerable devices.
- The credential disclosure only occurs when the CVE-2019-7271 default credentials have been changed; devices still running factory defaults will not expose credentials via this path.
- Affected firmware versions are 0.32-09c and below on Nortek Linear eMerge E3-Series devices.
No detection rules found.
Nuclei
Linear eMerge E3-Series - Information Disclosure
nuclei · CVSS 8.2
CVE-2022-31269 [HIGH] Linear eMerge E3-Series - Information Disclosure
Linear eMerge E3-Series devices are susceptible to information disclosure. Admin credentials are stored in clear text at the endpoint /test.txt in situations where the default admin credentials have been changed. An attacker can obtain admin credentials, access the admin dashboard, control building access and cameras, and access employee information.
Template:
```yaml
id: CVE-2022-31269

info:
  name: Linear eMerge E3-Series - Information Disclosure
  author: For3stCo1d
  severity: high
  description: |
    Linear eMerge E3-Series devices are susceptible to information disclosure. Admin credentials are stored in clear text at the endpoint /test.txt in situations where the default admin credentials have been changed. An attacker can obtain admin credentials,
```
No writeups or analysis indexed.
- http://packetstormsecurity.com/files/167990/Nortek-Linear-eMerge-E3-Series-Credential-Disclosure.html
- https://eg.linkedin.com/in/omar-1-hashem
- https://gist.github.com/omarhashem123/71ec9223e90ea76a76096d777d9b945c
- https://www.nortekcontrol.com/access-control/
Published: 2022-08-25