What is linear emerge E3?
Nortek Security and Control LLC’s Linear eMerge E3 is an access controller that specifies which doors a person can use to enter and exit designated places at specified times. It runs on embedded Linux Operating System and the system can be managed from a browser via embedded web server.
What is emerge essential™?
The eMerge Essential™ embedded browser-based network appliance makes advanced security technology reliable and affordable for any entry-level access control application. With tens of thousands of access control systems deployed in the field, and backed by decades of experience, Linear continues to deliver unprecedented value and innovation.
What is a command injection vulnerability in emerge e3-series?
A Command Injection vulnerability has been reported in eMerge E3-series access controller. This issue is triggered due to insufficient sanitizing of user-supplied inputs to a PHP function allowing arbitrary command execution with root privileges.
How many emerge devices are there?
As per Applied Risk’s research report, a total number of 2,375 Internet-accessible eMerge devices are listed by the Shodan search engine; 600 for eMerge50P and 1775 for eMerge E3. A quick search on Shodan exposes over 2000 linear devices.
Why is emerge E3 vulnerable?
What does malware do with C2?
About this website
Why is emerge E3 vulnerable?
This issue is triggered due to insufficient sanitizing of user-supplied inputs to a PHP function allowing arbitrary command execution with root privileges. A remote unauthenticated attacker can exploit this to execute arbitrary commands within the context of the application, via a crafted HTTP request.
What does malware do with C2?
The malware then accepts commands from its C2 server to conduct various types of DoS attacks against any given target.
Why is emerge E3 vulnerable?
This issue is triggered due to insufficient sanitizing of user-supplied inputs to a PHP function allowing arbitrary command execution with root privileges. A remote unauthenticated attacker can exploit this to execute arbitrary commands within the context of the application, via a crafted HTTP request.
What does malware do with C2?
The malware then accepts commands from its C2 server to conduct various types of DoS attacks against any given target.