CVE-2024-9441: Unpatched Flaw Exposes Linear eMerge Systems to Remote Attacks, PoC Published
A severe security vulnerability has been identified in the Linear eMerge e3-Series access control systems, affecting versions up to 1.00-07. Designated as CVE-2024-9441 with a CVSS score of 9.8, this OS command injection vulnerability allows remote, unauthenticated attackers to execute arbitrary operating system commands via the login_id parameter in the password recovery functionality.
This critical flaw was discovered by an independent security researcher collaborating with SSD Secure Disclosure. Despite being notified five months ago, the vendor has yet to release a fix, solution, or workaround for this vulnerability.
The vulnerability resides in the password recovery feature of the Linear eMerge e3-Series access control system’s web interface. When a user invokes the forgot_password functionality, the system fails to properly sanitize the login_id parameter. This oversight allows an attacker to inject malicious OS commands, which are executed with the privileges of the web server user, lighttpd, who belongs to the root group. Effectively, this grants the attacker root-level access to the device.
Notably, the CVE-2024-9441 vulnerability can be exploited without authentication, making it exceptionally dangerous as it lowers the barrier for potential attackers. The researcher has published technical details and proof-of-concept code for this vulnerability.
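With no vendor fix available, one detection approach is to allowlist-check login_id on password recovery requests logged by a reverse proxy or firewall in front of the device. The sketch below is an added example, not code from the researcher or the vendor; the record format, the /PLACEHOLDER path, the allowed character set and the length limit are all assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: legitimate login_id values use only these characters.
DISALLOWED = re.compile(r"[^A-Za-z0-9._@-]")
MAX_LEN = 64  # assumed upper bound for a login name

# Constructed records, not real traffic: "client|request target|body".
# /PLACEHOLDER stands in for the device path, which the article does not give.
SAMPLE = [
    "10.0.0.5|/PLACEHOLDER?forgot_password&login_id=jsmith|",
    "10.0.0.6|/PLACEHOLDER?forgot_password|login_id=j.smith%40example.com",
    "10.0.0.9|/PLACEHOLDER?forgot_password|login_id=a%3Bid",
    "10.0.0.9|/PLACEHOLDER?forgot_password&login_id=%60id%60|",
]


def parse_params(target, body):
    """Merge query-string and form-body parameters into one dict of lists."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    for key, values in parse_qs(body, keep_blank_values=True).items():
        params.setdefault(key, []).extend(values)
    return params


def scan(records):
    """Return (client, decoded login_id, offending chars) for suspect requests."""
    hits = []
    for record in records:
        client, target, body = record.split("|", 2)
        if "forgot_password" not in target + body:
            continue  # only the password recovery feature is in scope
        for value in parse_params(target, body).get("login_id", []):
            offending = sorted(set(DISALLOWED.findall(value)))
            if offending or len(value) > MAX_LEN:
                hits.append((client, value, offending))
    return hits


if __name__ == "__main__":
    for client, value, offending in scan(SAMPLE):
        print(f"ALERT {client} login_id={value!r} disallowed={offending}")
```

The check runs on the percent-decoded value, so encoded metacharacters are caught as well as literal ones.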
The following versions of the Linear eMerge e3-Series are affected:
- 0.32-03i
- 0.32-04m
- 0.32-05p
- 0.32-05z
- 0.32-07p
- 0.32-07e
- 0.32-08e
- 0.32-08f
- 0.32-09c
- 1.00.05
- 1.00.07
Upon notification, the vendor provided the following statement:
“We would like to point out that we always recommend that our customers follow best practices to prevent unauthorised access to E3 and TE systems. Best practices include, not placing the product on their corporate network, not placing the product on the open internet, to install the product behind a network firewall and to use a VPN to access the product.”
While these recommendations are prudent, they do not address the underlying vulnerability. Users and organizations relying on these systems remain at risk until an official patch is released.
An attacker exploiting this vulnerability could:
- Gain Root Access: Execute arbitrary commands with root-level privileges.
- Compromise System Integrity: Install malware, create backdoors, or manipulate system configurations.
- Exfiltrate Sensitive Data: Access confidential information stored on the device or network.
- Pivot Attacks: Use the compromised device as a foothold to launch further attacks within the network.
Given that Linear eMerge e3-Series systems are often used in critical security infrastructures for access control, the potential consequences are severe.