1. Home
  2. CVE Database
  3. CVE-2010-2466
MEDIUM · 5.0

CVE-2010-2466

The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not properly prevent downloading of database backups, which allows remote attacker...

Vulnerability Description

The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not properly prevent downloading of database backups, which allows remote attackers to obtain sensitive information via requests for full_*.dar files with predictable filenames.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N
Confidentiality
PARTIAL
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
S2SysNetbox2.5
LinearcorpEmerge 50All versions
LinearcorpEmerge 5000All versions
SonitrolEaccessAll versions

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2010-2466?

CVE-2010-2466 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not properly prevent downloading of database backups, which allows remote attacker...

How severe is CVE-2010-2466?

CVE-2010-2466 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-2466?

Check the references section above for vendor advisories and patch information. Affected products include: S2Sys Netbox, Linearcorp Emerge 50, Linearcorp Emerge 5000, Sonitrol Eaccess.