CVE-2022-31269

2022-08-2522:15:08

CWE-798

mitre

web.nvd.nist.gov

nortek

linear

emerge

e3-series

cve-2022-31269

security

access control

unauthorized access

credentials

vulnerability

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

AI Score

8.1

Confidence

High

EPSS

0.011

Percentile

85.0%

JSON

Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building’s doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.)

Affected configurations

Nvd

Node

nortekcontrolemerge_e3_firmwareRange≤0.32-09c

AND

nortekcontrolemerge_e3Match-

VendorProductVersionCPE
nortekcontrolemerge_e3_firmware*cpe:2.3:o:nortekcontrol:emerge_e3_firmware:*:*:*:*:*:*:*:*
nortekcontrolemerge_e3-cpe:2.3:h:nortekcontrol:emerge_e3:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nortekcontrol	emerge_e3_firmware	*	cpe:2.3:o:nortekcontrol:emerge_e3_firmware::::::::
nortekcontrol	emerge_e3	-	cpe:2.3:h:nortekcontrol:emerge_e3:-:::::::*