CyberSec.Space Logo
CVEブラウザに戻る

CVE-2007-6638

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1990%
EPSS Percentile5.63th
Published2008年1月4日
Last Modified2026年4月23日

Vulnerability Description

March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.

Affected Platforms (CPE)

🔌
March Networks

3204 Dvr

All versions

References & Advisories

🔗 http://osvdb.org/39726
🔗 http://secunia.com/advisories/28211
🔗 http://www.milw0rm.com/papers/190
🔗 http://www.securityfocus.com/bid/27054
🔗 http://www.sybsecurity.com/advisors/SYBSEC-ADV14-March_Networks_DVR_3204_Logfile_Information_Disclosure
🔗 http://www.sybsecurity.com/pages/advisors/static/dvr3204_exp.txt
🔗 http://www.sybsecurity.com/resources/static/An_Insecurity_Overview_of_the_March_Networks_DVR-CCTV_3204.pdf
🔗 https://www.exploit-db.com/exploits/4797

関連する脆弱性情報

CVE-2007-049610.0

PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to ex...

CVE-2007-182210.0

Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailbo...

CVE-2007-350010.0

Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie.

CVE-2007-158710.0

templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows remote attackers to execute arbitrary programs by specifying the...