0day Today Exploits Market and 0day Exploits Database

Nortek Linear eMerge E3-Series Credential Disclosure Vulnerability

Author: Omar Hashim
Risk: Security Risk Medium
0day-ID: 0day-ID-37897
Category: web applications
Date added: 08-08-2022
CVE: CVE-2022-31269
Platform: php
# Exploit Title: Nortek Linear eMerge E3-Series - Information Disclosure lead to access admin dashboard
# Exploit Author: Omar Hashim
# Version: 0.32-07p,0.32-07e,0.32-07p,0.32-08f,0.32-09c
# Vendor home page : https://www.nortekcontrol.com/access-control/
# Vendor home page : https://linear-solutions.com/
# Authentication Required: No
# CVE : CVE-2022-31269

# Description
 ====================
Admin credentials are stored in clear text at the endpoint /test.txt
(this occurs in situations where the default credentials admin:admin have been
changed). This allows an unauthenticated attacker to obtain the admin
credentials, access the admin dashboard of Linear eMerge E3-Series devices,
control the building's doors, cameras, elevators, etc., access information
about employees who can access the building, and take control of the entire
building.


# Proof Of Concept:
 ====================

http://<HOST:PORT>/test.txt
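
A defender-side check for the exposure described above, added here as an example and not part of the original advisory: it scans web access logs for requests to /test.txt and separates successful reads from failed probes. It assumes the device sits behind a reverse proxy that logs in Combined Log Format; the function names and the sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumption: a proxy in front of the device logs in Combined Log Format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
SENSITIVE_PATH = "/test.txt"  # endpoint named in the advisory


def normalize_path(target):
    """Strip the query, decode %XX, collapse '//' and '/./' so variants still match."""
    path = unquote(target.split("?", 1)[0])
    path = posixpath.normpath(re.sub(r"/+", "/", path))
    return path.lower()  # over-inclusive on purpose: device case handling is unknown


def find_exposures(lines):
    """Return (ip, timestamp, status, verdict) for every request to SENSITIVE_PATH."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalize_path(m["target"]) != SENSITIVE_PATH:
            continue
        status = int(m["status"])
        size = 0 if m["size"] == "-" else int(m["size"])
        # A 2xx with a body means the file was served: treat the password as exposed.
        verdict = "disclosed" if 200 <= status < 300 and size > 0 else "probe"
        hits.append((m["ip"], m["ts"], status, verdict))
    return hits


# Constructed sample lines (documentation IP ranges), not taken from a real device.
SAMPLE_LOG = [
    '198.51.100.7 - - [08/Aug/2022:10:01:02 +0000] "GET /test.txt HTTP/1.1" 200 58 "-" "curl/7.81.0"',
    '203.0.113.9 - - [08/Aug/2022:10:05:40 +0000] "GET /%74est.txt?x=1 HTTP/1.1" 200 58 "-" "-"',
    '203.0.113.9 - - [08/Aug/2022:10:06:00 +0000] "GET //test.txt HTTP/1.1" 404 0 "-" "-"',
    '192.0.2.10 - - [08/Aug/2022:10:07:11 +0000] "GET /favicon.ico HTTP/1.1" 200 1432 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_exposures(SAMPLE_LOG):
        print(*hit, sep="  ")
```

Any "disclosed" hit means the admin password in use at that time should be considered known to the requester and rotated, and access to /test.txt should be blocked at the proxy.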

#  0day.today [2024-12-25]  #