CyberSec.Space Logo
Back to CVE Browser

CVE-2007-6638

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1990%
EPSS Percentile5.63th
PublishedJan 4, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.

Affected Platforms (CPE)

πŸ”Œ
March Networks

3204 Dvr

All versions

References & Advisories

πŸ”— http://osvdb.org/39726
πŸ”— http://secunia.com/advisories/28211
πŸ”— http://www.milw0rm.com/papers/190
πŸ”— http://www.securityfocus.com/bid/27054
πŸ”— http://www.sybsecurity.com/advisors/SYBSEC-ADV14-March_Networks_DVR_3204_Logfile_Information_Disclosure
πŸ”— http://www.sybsecurity.com/pages/advisors/static/dvr3204_exp.txt
πŸ”— http://www.sybsecurity.com/resources/static/An_Insecurity_Overview_of_the_March_Networks_DVR-CCTV_3204.pdf
πŸ”— https://www.exploit-db.com/exploits/4797

Related Vulnerabilities

CVE-2007-010010.0

The Perforce client does not restrict the set of files that it overwrites upon receiving a request from the server, which allows r...

CVE-2007-011710.0

DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) fil...

CVE-2007-005710.0

Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a sh...

CVE-2007-023610.0

Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attacker...