Enhancement: cves/2022/CVE-2022-31269.yaml by md
parent
b857eb9ace
commit
7f0e353ec1
|
@ -1,16 +1,16 @@
|
|||
id: CVE-2022-31269
|
||||
|
||||
info:
|
||||
name: eMerge E3-Series - Information Disclosure
|
||||
name: Linear eMerge E3-Series - Information Disclosure
|
||||
author: For3stCo1d
|
||||
severity: high
|
||||
description: |
|
||||
Admin credentials are stored in clear text at the endpoint /test.txt (This occurs in situations where the default credentials admin:admin have beenchanged.) Allows an unauthenticated attacker to obtain adminicredentials, access the admin dashboard of Linear eMerge E3-Series devices, control entire building doors, cameras, elevator, etc... and access information about employees who can access the building and take control of the entire building.
|
||||
Linear eMerge E3-Series devices are susceptible to information disclosure. Admin credentials are stored in clear text at the endpoint /test.txt in situations where the default admin credentials have been changed. An attacker can obtain admin credentials, access the admin dashboard, control building access and cameras, and access employee information.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/167990/Nortek-Linear-eMerge-E3-Series-Credential-Disclosure.html
|
||||
- https://www.nortekcontrol.com/access-control/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-31269
|
||||
- https://eg.linkedin.com/in/omar-1-hashem
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-31269
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
|
||||
cvss-score: 8.2
|
||||
|
@ -47,3 +47,5 @@ requests:
|
|||
- type: regex
|
||||
regex:
|
||||
- Password='(.+?)'
|
||||
|
||||
# Enhanced by md on 2023/02/03
|
||||
|
|
Loading…
Reference in New Issue