Nortek Linear eMerge E3-Series versions 0.32-07p, 0.32-07e, 0.32-07p, 0.32-08f, and 0.32-09c suffer from an administrative credential disclosure vulnerability.
307313c2ca8b81c83cd5647ca35cba3eab21050364f124ce96583e8dff6bcfd4# Exploit Title: Nortek Linear eMerge E3-Series - Information
Disclosure lead to access admin dashboard
# Exploit Author: Omar Hashim
# Version: 0.32-07p,0.32-07e,0.32-07p,0.32-08f,0.32-09c
# Vendor home page : https://www.nortekcontrol.com/access-control/
# Vendor home page : https://linear-solutions.com/
# Authentication Required: No
# CVE : CVE-2022-31269
# Description
====================
Admin credentials are stored in clear text at the endpoint /test.txt
(This occurs in situations where the default credentials admin:admin have been
changed.) Allows an unauthenticated attacker to obtain admini
credentials, access
the admin dashboard of Linear eMerge E3-Series devices, control entire building
doors, cameras, elevator, etc... and access information about employees who can
access the building and take control of the entire building
#Proof Of Concept:
====================
http://<HOST:PORT>/test.txt