30 matches found
EUVD-2010-2476
Malware in sbrugna...
EUVD-2010-2475
Malware in sbrugna...
EUVD-2010-2477
Malware in sbrugna...
EUVD-2010-2474
Malware in sbrugna...
Design/Logic Flaw
The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability CVE-2013-20003 to intercept and spoof traffic...
CVE-2018-25029
The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability CVE-2013-20003 to intercept and spoof traffic...
CVE-2018-25029
The CVE-2018-25029 entry concerns Z-Wave S2 security downgrading to S0 during pairing, enabling an attacker in radio range to trigger a separate vulnerability (CVE-2013-20003) to intercept and spoof traffic. Connected records (e.g., CVE-2013-20003, PRION/CVE-2018-25029) indicate Z-Wave devices fr...
Millions of IoT Devices Vulnerable to Z-Wave Downgrade Attacks, Researchers Claim
The popular home automation protocol Z-Wave, used by millions of IoT devices, is vulnerable to a downgrade attack that could allow an adversary to take control of targeted devices, according to researchers. Z-Wave is a wireless protocol used by 2,400 vendors; its wireless chipsets are embedded in...
Z-Wave Downgrade Attack Left Over 100 Million IoT Devices Open to Hackers
Researchers have found that even after having an advanced encryption scheme in place, more than 100 million Internet-of-Things IoT devices from thousands of vendors are vulnerable to a downgrade attack that could allow attackers to gain unauthorized access to your devices. The issue resides in th...
CVE-2010-2468
The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by recovering the cleartext of this password...
CVE-2010-2466
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not properly prevent downloading of database backups, which allows remote attackers to obtain sensitive information via requests for full.dar files with predictable filenames...
CVE-2010-2465
The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via...
CVE-2010-2467
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not require setting a password for the FTP server that stores database backups, which makes it easier for remote attackers to download backup files via unspecified FTP requests...
Design/Logic Flaw
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not properly prevent downloading of database backups, which allows remote attackers to obtain sensitive information via requests for full.dar files with predictable filenames...
Default credentials
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not require setting a password for the FTP server that stores database backups, which makes it easier for remote attackers to download backup files via unspecified FTP requests...
Improper access control
The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via...
CVE-2010-2466
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not properly prevent downloading of database backups, which allows remote attackers to obtain sensitive information via requests for full.dar files with predictable filenames...
CVE-2010-2467
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not require setting a password for the FTP server that stores database backups, which makes it easier for remote attackers to download backup files via unspecified FTP requests...
CVE-2010-2465
The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via...
CVE-2010-2467
CVE-2010-2467 affects the S2 Security NetBox (likely 2.x–3.x) used in Linear eMerge 50/5000 and Sonitrol eAccess. The FTP server storing database backups does not require a password, enabling remote download of backups via FTP requests. Exploitation details are not provided in the connected docum...