Share
## https://sploitus.com/exploit?id=PACKETSTORM:167990
# Exploit Title: Nortek Linear eMerge E3-Series - Information  
Disclosure lead to access admin dashboard  
# Exploit Author: Omar Hashim  
# Version: 0.32-07p,0.32-07e,0.32-07p,0.32-08f,0.32-09c  
# Vendor home page : https://www.nortekcontrol.com/access-control/  
# Vendor home page : https://linear-solutions.com/  
# Authentication Required: No  
# CVE : CVE-2022-31269  
  
# Description  
====================  
Admin credentials are stored in clear text at the endpoint /test.txt  
(This occurs in situations where the default credentials admin:admin have been  
changed.) Allows an unauthenticated attacker to obtain admini  
credentials, access  
the admin dashboard of Linear eMerge E3-Series devices, control entire building  
doors, cameras, elevator, etc... and access information about employees who can  
access the building and take control of the entire building  
  
  
#Proof Of Concept:  
====================  
  
http://<HOST:PORT>/test.txt