CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 2CVE-2010-2465
https://notcve.org/view.php?id=CVE-2010-2465
The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via unspecified HTTP requests. S2 Security NetBox, probablemente v2.x v3.x, comoel usado en Linear eMerge 50 y 5000 y Sonitrol eAccess, almacena información sensible bajo la raíz web con insuficiente control de acceso, lo que permite a atacantes remotos descargar logs de nodo, fotografías de personas, y archivos backup a través de peticiones no especificadas. • http://blip.tv/file/3414004 http://osvdb.org/65757 http://secunia.com/advisories/40374 http://www.darkreading.com/blog/archives/2010/04/attacking_door.html http://www.kb.cert.org/vuls/id/251133 http://www.kb.cert.org/vuls/id/MAPG-83TQL8 http://www.securityfocus.com/bid/41134 http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2 http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot- • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 1%CPEs: 6EXPL: 3CVE-2010-2467
https://notcve.org/view.php?id=CVE-2010-2467
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not require setting a password for the FTP server that stores database backups, which makes it easier for remote attackers to download backup files via unspecified FTP requests. S2 Security NetBox, possibly v.x y v3.x, como el usado en Linear eMerge 50 y 5000 y Sonitrol eAccess, no requiere configurar una clave para el servidor FTP que almacena backups de datos, lo que hace sencillo para atacantes remotos descargar ficheros backup a través de peticiones FTP no especificadas. • http://blip.tv/file/3414004 http://www.darkreading.com/blog/archives/2010/04/attacking_door.html http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2 http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon https://exchange.xforce.ibmcloud.com/vulnerabilities/59828 • CWE-255: Credentials Management Errors •