.. / CVE-2022-31269

Exploit for Linear eMerge E3-Series - Information Disclosure (CVE-2022-31269)

Description:

Linear eMerge E3-Series devices are susceptible to information disclosure. Admin credentials are stored in clear text at the endpoint /test.txt in situations where the default admin credentials have been changed. An attacker can obtain admin credentials, access the admin dashboard, control building access and cameras, and access employee information.

Nuclei Template

View the template here CVE-2022-31269.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-31269.yaml

References:

https://github.com/ARPSyndicate/cvemon
https://eg.linkedin.com/in/omar-1-hashem
https://nvd.nist.gov/vuln/detail/CVE-2022-31269
https://www.nortekcontrol.com/access-control/
https://packetstormsecurity.com/files/167990/Nortek-Linear-eMerge-E3-Series-Credential-Disclosure.html

.. / CVE-2022-31269 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Linear eMerge E3-Series - Information Disclosure (CVE-2022-31269)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2022-31269