Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6638

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2007-6638
Last Modified 15 Nov 2008 02:05:40
Published 03 Jan 2008 07:46:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6638

Summary

March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.

Vulnerable Systems


References

MISC - http://www.sybsecurity.com/resources/static/An_Insecurity_Overview_of_the_March_Networks_DVR-CCTV_3204.pdf

MISC - http://www.sybsecurity.com/advisors/SYBSEC-ADV14-March_Networks_DVR_3204_Logfile_Information_Disclosure

BID - 27054

MISC - http://www.milw0rm.com/papers/190

MILW0RM - 4797

SECUNIA - 28211

OSVDB - 39726


Last Updated: 27 May 2016 10:46:35