The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not require setting a password for the FTP server that stores database backups, which makes it easier for remote attackers to download backup files via unspecified FTP requests.
Software | From | Fixed in |
---|---|---|
s2sys / netbox | 2.5 | 2.5.x |
s2sys / netbox | 3.3 | 3.3.x |
s2sys / netbox | 4.0 | 4.0.x |
linearcorp / emerge_50 | - | - |
linearcorp / emerge_5000 | - | - |
sonitrol / eaccess | - | - |