VDB
CVE-2010-2466
CVE-2010-2466
PUBLISHED
CVSS 5 MEDIUM
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not properly prevent downloading of database backups, which allows remote attackers to obtain sensitive information via requests for full_*.dar files with predictable filenames.
EPSS 0.85% · 75.3th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
0.85%
75.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| sonitrol | eaccess | |
| s2sys | netbox | 2.5, 3.3 |
| linearcorp | emerge_5000 | |
| linearcorp | emerge_50 |
Timeline
- Jun 25, 2010 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- http://www.darkreading.com/blog/archives/2010/04/attacking_door.html url
- VU#228737 third-party-advisory
- http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2 url
- http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon url
- http://blip.tv/file/3414004 url
- netbox-database-backups-info-disclosure(59826) vdb
- https://nvd.nist.gov/vuln/detail/CVE-2010-2466 advisory