30 matches found
EUVD-2010-2475
Malware in sbrugna...
EUVD-2010-2476
Malware in sbrugna...
EUVD-2010-2477
Malware in sbrugna...
EUVD-2010-2474
Malware in sbrugna...
Design/Logic Flaw
The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability CVE-2013-20003 to intercept and spoof traffic...
CVE-2018-25029
The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability CVE-2013-20003 to intercept and spoof traffic...
CVE-2018-25029
The CVE-2018-25029 entry concerns Z-Wave S2 security downgrading to S0 during pairing, enabling an attacker in radio range to trigger a separate vulnerability (CVE-2013-20003) to intercept and spoof traffic. Connected records (e.g., CVE-2013-20003, PRION/CVE-2018-25029) indicate Z-Wave devices fr...
Millions of IoT Devices Vulnerable to Z-Wave Downgrade Attacks, Researchers Claim
The popular home automation protocol Z-Wave, used by millions of IoT devices, is vulnerable to a downgrade attack that could allow an adversary to take control of targeted devices, according to researchers. Z-Wave is a wireless protocol used by 2,400 vendors; its wireless chipsets are embedded in...
Z-Wave Downgrade Attack Left Over 100 Million IoT Devices Open to Hackers
Researchers have found that even after having an advanced encryption scheme in place, more than 100 million Internet-of-Things IoT devices from thousands of vendors are vulnerable to a downgrade attack that could allow attackers to gain unauthorized access to your devices. The issue resides in th...
CVE-2010-2467
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not require setting a password for the FTP server that stores database backups, which makes it easier for remote attackers to download backup files via unspecified FTP requests...
CVE-2010-2466
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not properly prevent downloading of database backups, which allows remote attackers to obtain sensitive information via requests for full.dar files with predictable filenames...
CVE-2010-2468
The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by recovering the cleartext of this password...
CVE-2010-2465
The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via...
Design/Logic Flaw
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not properly prevent downloading of database backups, which allows remote attackers to obtain sensitive information via requests for full.dar files with predictable filenames...
Improper access control
The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via...
Default credentials
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not require setting a password for the FTP server that stores database backups, which makes it easier for remote attackers to download backup files via unspecified FTP requests...
CVE-2010-2466
CVE-2010-2466 affects S2 NetBox (used in Linear eMerge and Sonitrol eAccess). The vulnerability allows remote attackers to obtain sensitive data by requesting full_*.dar database backups due to insufficient access protection and predictable backup filenames. Affected NetBox versions include 2.x/3...
CVE-2010-2465
CVE-2010-2465 affects S2 Security NetBox 2.5, 3.3, and 4.0 (as utilized in Linear eMerge 50/5000 and Sonitrol eAccess). The root cause is insufficient access control, permitting remote attackers to download node logs, photographs of persons, and backup files stored under the web root via unspecif...
CVE-2010-2467
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not require setting a password for the FTP server that stores database backups, which makes it easier for remote attackers to download backup files via unspecified FTP requests...
CVE-2010-2468
The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by recovering the cleartext of this password...