CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
86.7%
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not require setting a password for the FTP server that stores database backups, which makes it easier for remote attackers to download backup files via unspecified FTP requests.
Vendor | Product | Version | CPE |
---|---|---|---|
s2sys | netbox | 2.5 | cpe:2.3:h:s2sys:netbox:2.5:*:*:*:*:*:*:* |
s2sys | netbox | 3.3 | cpe:2.3:h:s2sys:netbox:3.3:*:*:*:*:*:*:* |
s2sys | netbox | 4.0 | cpe:2.3:h:s2sys:netbox:4.0:*:*:*:*:*:*:* |
linearcorp | emerge_50 | * | cpe:2.3:h:linearcorp:emerge_50:*:*:*:*:*:*:*:* |
linearcorp | emerge_5000 | * | cpe:2.3:h:linearcorp:emerge_5000:*:*:*:*:*:*:*:* |
sonitrol | eaccess | * | cpe:2.3:h:sonitrol:eaccess:*:*:*:*:*:*:*:* |
blip.tv/file/3414004
www.darkreading.com/blog/archives/2010/04/attacking_door.html
www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2
www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon
exchange.xforce.ibmcloud.com/vulnerabilities/59828