Vulnerability Details : CVE-2010-2466
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not properly prevent downloading of database backups, which allows remote attackers to obtain sensitive information via requests for full_*.dar files with predictable filenames.
Exploit prediction scoring system (EPSS) score for CVE-2010-2466
Probability of exploitation activity in the next 30 days: 0.72%
Percentile, the proportion of vulnerabilities that are scored at or less: ~79%
CVSS scores for CVE-2010-2466
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST |
CWE ids for CVE-2010-2466
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2466
- http://www.kb.cert.org/vuls/id/228737
  CERT Vulnerability Notes Database (US Government Resource)
- http://blip.tv/file/3414004
  Exploit
- http://www.darkreading.com/blog/archives/2010/04/attacking_door.html
  Commentary - Latest Content - Dark Reading
- http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon
  We Don't Need no Stinkin Badges: hacking Electronic Door Access Con… (Exploit)
- http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2
  www.SecurityInfoWatch.com
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59826
  S2 NetBox database backups information disclosure CVE-2010-2466 Vulnerability Report
Products affected by CVE-2010-2466
- cpe:2.3:h:s2sys:netbox:2.5:*:*:*:*:*:*:*
- cpe:2.3:h:s2sys:netbox:3.3:*:*:*:*:*:*:*
- cpe:2.3:h:linearcorp:emerge_50:*:*:*:*:*:*:*:*
- cpe:2.3:h:linearcorp:emerge_5000:*:*:*:*:*:*:*:*
- cpe:2.3:h:sonitrol:eaccess:*:*:*:*:*:*:*:*