Published: 04/01/2008 Updated: 29/09/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote malicious users to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.

Vulnerable Product	Search on Vulmon	Subscribe to Product
march networks 3204 dvr

#!/usr/bin/perl # # March Networks DVR 3204 Logfile Information Disclosure Exploit # # Since configuration of the IP address, user console and root is # carried out over the "administrator console", the vulnerability # lies within Watchdog's HTTP server application # # Any user can obtain the log files without authentication by accessing # the f ...

March Networks DVR 3204 - Logfile Information Disclosure

CVE-2007-6638 March Networks DVR 3204 - Logfile Information Disclosure Exploit-DB publication at wwwexploit-dbcom/exploits/4797/ Author Alex Hernandez aka (@_alt3kx_)

CWE-264 http://www.milw0rm.com/papers/190 http://www.sybsecurity.com/advisors/SYBSEC-ADV14-March_Networks_DVR_3204_Logfile_Information_Disclosure http://www.sybsecurity.com/pages/advisors/static/dvr3204_exp.txt http://www.sybsecurity.com/resources/static/An_Insecurity_Overview_of_the_March_Networks_DVR-CCTV_3204.pdf http://www.securityfocus.com/bid/27054 http://secunia.com/advisories/28211 http://osvdb.org/39726 https://www.exploit-db.com/exploits/4797 https://nvd.nist.gov https://github.com/alt3kx/CVE-2007-6638 https://www.exploit-db.com/exploits/4797/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-6638

Vulnerability Summary

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect