Vulnerability Management, Network Security

Critical Nortek Linear eMerge E3 system flaw remains unaddressed

Numerous Nortek Linear eMerge E3 access controller variants are impacted by a critical vulnerability, tracked as CVE-2024-9441, which could be leveraged for arbitrary operating system command execution, The Hacker News reports.

According to SSD Disclosure, which detailed the flaw in an advisory late last month, the still-unresolved vulnerability affects Linear eMerge E3 versions 0.32-03i, 0.32-04m, 0.32-05p, 0.32-05z, 0.32-07p, 0.32-07e, 0.32-08e, 0.32-08f, 0.32-09c, 1.00.05, and 1.00.07. Nortek parent firm Nice has advised implementing network segmentation, firewalls, and other security best practices, but VulnCheck's Jacob Baines noted that the company is unlikely to issue a security patch immediately, as evidenced by the years-long wait for a fix for the maximum-severity E3 vulnerability tracked as CVE-2019-7256, which had been used to power the Raptor Train botnet. "Organizations using the Linear Emerge E3 series should act quickly to take these devices offline or isolate them," said Baines.
