CVE-2007-6638

N/A Unknown

Published: January 04, 2008 Modified: April 23, 2026

Description

March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://osvdb.org/39726

Source: cve@mitre.org

http://secunia.com/advisories/28211

Source: cve@mitre.org

Vendor Advisory

http://www.milw0rm.com/papers/190

Source: cve@mitre.org

http://www.securityfocus.com/bid/27054

Source: cve@mitre.org

Exploit

http://www.sybsecurity.com/advisors/SYBSEC-ADV14-March_Networks_DVR_3204_Logfile_Information_Disclosure

Source: cve@mitre.org

http://www.sybsecurity.com/pages/advisors/static/dvr3204_exp.txt

Source: cve@mitre.org

http://www.sybsecurity.com/resources/static/An_Insecurity_Overview_of_the_March_Networks_DVR-CCTV_3204.pdf

Source: cve@mitre.org

https://www.exploit-db.com/exploits/4797

Source: cve@mitre.org

http://osvdb.org/39726