CVE-2022-31269

HIGH NUCLEI

Nortek Linear eMerge E3-Series <0.32-09c - Info Disclosure

Title source: llm

Description

Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.)

Exploits (2)

nomisec WRITEUP 1 stars

by omarhashem123 · poc

https://github.com/omarhashem123/CVE-2022-31269

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by Henry4E36 · poc

https://github.com/Henry4E36/CVE-2022-31269

View Code ZIP pw:eip

Nuclei Templates (1)

Linear eMerge E3-Series - Information Disclosure

HIGHVERIFIEDby For3stCo1d

Shodan: http.title:"Linear eMerge" || http.title:"emerge" || http.title:"linear emerge"

FOFA: title="emerge" || title="linear emerge"

References (4)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/167990/Nortek-Linear-eMerge-E3-Series-Credential-Disclosure.html

[Not Applicable] https://eg.linkedin.com/in/omar-1-hashem

[Exploit, Third Party Advisory] https://gist.github.com/omarhashem123/71ec9223e90ea76a76096d777d9b945c

[Product] https://www.nortekcontrol.com/access-control/

Scores

CVSS v3 8.2

EPSS 0.8101

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Details

CWE

CWE-798

Status published

Products (1)

nortekcontrol/emerge_e3_firmware < 0.32-09c

Published Aug 25, 2022

Tracked Since Feb 18, 2026