CVE-2010-2467
Severity CVSS v4.0:
Pending analysis
Type:
CWE-255
Credentials Management
Publication date:
25/06/2010
Last modified:
11/04/2025
Description
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not require setting a password for the FTP server that stores database backups, which makes it easier for remote attackers to download backup files via unspecified FTP requests.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:h:s2sys:netbox:2.5:*:*:*:*:*:*:* | ||
| cpe:2.3:h:s2sys:netbox:3.3:*:*:*:*:*:*:* | ||
| cpe:2.3:h:s2sys:netbox:4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:h:linearcorp:emerge_50:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:linearcorp:emerge_5000:*:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sonitrol:eaccess:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://blip.tv/file/3414004
- http://www.darkreading.com/blog/archives/2010/04/attacking_door.html
- http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2
- http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59828
- http://blip.tv/file/3414004
- http://www.darkreading.com/blog/archives/2010/04/attacking_door.html
- http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2
- http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59828