CVE-2022-31269 PoC — Nortek Control Linear eMerge E3-Series 信任管理问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-31269.yaml

Associated Vulnerability

Title:Nortek Control Linear eMerge E3-Series 信任管理问题漏洞 (CVE-2022-31269)
Description:Nortek Control Linear eMerge E3-Series是美国Nortek Control公司的一种门禁控制器。可指定人员在指定时间可以使用哪些门进出指定地点。 Nortek Control Linear eMerge E3-Series 存在安全漏洞，该漏洞源于管理凭据以明文形式存在于/test.txt中，这导致未经身份验证的攻击者获取到管理凭据以访问管理仪表盘进而控制整个建筑的门、电梯等。以下版本受到影响：0.32-07p、0.32-07e、0.32-28f、0.32-09c。

Description

Linear eMerge E3-Series devices are susceptible to information disclosure. Admin credentials are stored in clear text at the endpoint /test.txt in situations where the default admin credentials have been changed. An attacker can obtain admin credentials, access the admin dashboard, control building access and cameras, and access employee information.

File Snapshot


 id: CVE-2022-31269

info:
  name: Linear eMerge E3-Series - Information Disclosure
  author: For3stC

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!