Vulnerability Description
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not require setting a password for the FTP server that stores database backups, which makes it easier for remote attackers to download backup files via unspecified FTP requests.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| S2Sys | Netbox | 2.5 |
| Linearcorp | Emerge 50 | All versions |
| Linearcorp | Emerge 5000 | All versions |
| Sonitrol | Eaccess | All versions |
Related Weaknesses (CWE)
References
- http://blip.tv/file/3414004Exploit
- http://www.darkreading.com/blog/archives/2010/04/attacking_door.html
- http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNExploit
- http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hackingExploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59828
- http://blip.tv/file/3414004Exploit
- http://www.darkreading.com/blog/archives/2010/04/attacking_door.html
- http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNExploit
- http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hackingExploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59828
FAQ
What is CVE-2010-2467?
CVE-2010-2467 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not require setting a password for the FTP server that stores database backups, wh...
How severe is CVE-2010-2467?
CVE-2010-2467 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2467?
Check the references section above for vendor advisories and patch information. Affected products include: S2Sys Netbox, Linearcorp Emerge 50, Linearcorp Emerge 5000, Sonitrol Eaccess.