cbcvebase.
CVE-2022-31269
published 2022-08-25

CVE-2022-31269: Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in…

PriorityP261high8.2CVSS 3.1
AVNACLPRNUINSUCLIHAN
EXPLOIT
EPSS
5.05%
91.2th percentile
Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.)

Affected

1 ranges
VendorProductVersion rangeFixed in
nortekcontrolemerge_e3_firmware<= 0.32-09c

Detection & IOCsextracted from sources · hover to see the quote

path/test.txt
otherregex: Password='(.+?)'
yara
words: ['ID=', 'Password='] (condition: and, HTTP 200, Content-Type: text/plain) on path /test.txt
  • Send an unauthenticated HTTP GET request to /test.txt on the target device; a vulnerable device returns HTTP 200 with Content-Type: text/plain containing cleartext credentials in the form ID=... Password='...'
  • Shodan queries 'http.title:"Linear eMerge"', 'http.title:"emerge"', and 'http.title:"linear emerge"' can be used to identify internet-exposed devices susceptible to this vulnerability.
  • FOFA queries 'title="emerge"' and 'title="linear emerge"' can identify exposed Linear eMerge E3-Series devices.
  • Google dorks 'intitle:"linear emerge"' and 'intitle:"emerge"' can surface publicly indexed vulnerable devices.
  • ·The credential disclosure only occurs when the CVE-2019-7271 default credentials have been changed; devices still running factory defaults will not expose credentials via this path.
  • ·Affected firmware versions are 0.32-09c and below on Nortek Linear eMerge E3-Series devices.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.