CyberSec.Space Logo
返回 CVE 浏览器

CVE-2007-6638

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1990%
EPSS Percentile5.63th
Published2008年1月4日
Last Modified2026年4月23日

Vulnerability Description

March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.

Affected Platforms (CPE)

🔌
March Networks

3204 Dvr

All versions

References & Advisories

🔗 http://osvdb.org/39726
🔗 http://secunia.com/advisories/28211
🔗 http://www.milw0rm.com/papers/190
🔗 http://www.securityfocus.com/bid/27054
🔗 http://www.sybsecurity.com/advisors/SYBSEC-ADV14-March_Networks_DVR_3204_Logfile_Information_Disclosure
🔗 http://www.sybsecurity.com/pages/advisors/static/dvr3204_exp.txt
🔗 http://www.sybsecurity.com/resources/static/An_Insecurity_Overview_of_the_March_Networks_DVR-CCTV_3204.pdf
🔗 https://www.exploit-db.com/exploits/4797

相关漏洞威胁

CVE-2007-212110.0

Unspecified vulnerability in the COREid Access component in Oracle Application Server 7.0.4.4 has unknown impact and attack vector...

CVE-2007-210110.0

FAC Guestbook 3.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers...

CVE-2007-210010.0

FAC Guestbook 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers ...

CVE-2007-212210.0

Unspecified vulnerability in the Wireless component in Oracle Application Server 9.0.4.3 has unknown impact and attack vectors, ak...

CVE-2007-6638 Detail & Impact Analysis | CVSS 10.0 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space