CVE-2010-2465
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.6 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
79.7%
The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via unspecified HTTP requests.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| s2sys:netbox | s2sys netbox | eq | 2.5 |
| s2sys:netbox | s2sys netbox | eq | 3.3 |
| s2sys:netbox | s2sys netbox | eq | 4.0 |
References
blip.tv/file/3414004
osvdb.org/65757
secunia.com/advisories/40374
www.darkreading.com/blog/archives/2010/04/attacking_door.html
www.kb.cert.org/vuls/id/251133
www.kb.cert.org/vuls/id/MAPG-83TQL8
www.securityfocus.com/bid/41134
www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2
www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.6 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
79.7%