Linear eMerge E3 Multiple Security Vulnerabilities

Nortek has announced a critical vulnerabilities in Linear eMerge E3-Series. The vulnerabilities exists because the affected product fails to sanitize HTTP request parameter values, which can be used to construct a shell commands. This allows an attacker to execute arbitrary commands on the affected system as a root.

Below CVE id’s has been assigned to track these vulnerabilities.

CVE-2019-7252 – Default Credentials
CVE-2019-7253 – Unauthenticated Directory Traversal
CVE-2019-7254 – Unauthenticated File Inclusion
CVE-2019-7255 – Cross-Site Scripting
CVE-2019-7256 – Unauthenticated Command Injection
CVE-2019-7257 – Unrestricted File Upload
CVE-2019-7258 – Privilege Escalation
CVE-2019-7259 – Authorization Bypass with Information Disclosure
CVE-2019-7260 – Cleartext Credentials in a Database
CVE-2019-7261 – Hard-coded Credentials
CVE-2019-7262 – Cross-Site Request Forgery (CSRF)
CVE-2019-7263 – Version Control Failure
CVE-2019-7264 – Stack-based Buffer Overflow
CVE-2019-7265 – Remote Code Execution (root access over SSH)

Affected systems: Linear eMerge E3 <=1.00-06

Exploitation:

An attacker sends a crafted request to fetch id and  password and store it in side test.txt and then read the contents of file.

An attacker sends another crafted request to get contents of  /etc/passwd file and store it inside test.txt

 

Conclusion:

No patch has been released by vendor till now. Customers can scan their network with QID :48077,13679 to identify assets remotely.  Additionally, customers can review their Linear eMerge devices to ensure that device is not exposed to untrusted network traffic.

References & Sources:

  • https://applied-risk.com/resources/ar-2019-005

Leave a Reply

Your email address will not be published. Required fields are marked *