Numerous Nortek Linear eMerge E3 access controller variants are impacted by a critical vulnerability, tracked as CVE-2024-9441, which could be leveraged for arbitrary operating system command execution, The Hacker News reports.
The flaw has remained unresolved since being detailed by SSD Disclosure in an advisory late last month.
Linear eMerge E3 versions 0.32-03i, 0.32-04m, 0.32-05p, 0.32-05z, 0.32-07p, 0.32-07e, 0.32-08e, 0.32-08f, 0.32-09c, 1.00.05, and 1.00.07 are impacted by the flaw, according to SSD Disclosure.
While Nortek parent firm Nice has advised implementing network segmentation, firewalls, and other security best practices, VulnCheck's Jacob Baines said the company was unlikely to immediately issue a security patch for the issue, as evidenced by the years-long wait for a fix for the maximum-severity E3 vulnerability tracked as CVE-2019-7256, which had been used to power the Raptor Train botnet.
"Organizations using the Linear Emerge E3 series should act quickly to take these devices offline or isolate them," said Baines.