Lucene search

MitreCVE-2007-6638

HistoryJan 04, 2008 - 12:46 a.m.

CVE-2007-6638

2008-01-0400:46:00

CWE-264

mitre

web.nvd.nist.gov

march networks

dvr

sensitive information

access control

remote attack

nvd

cve-2007-6638

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.3

Confidence

Low

EPSS

0.089

Percentile

94.7%

JSON

March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.

Affected configurations

Nvd

Node

march_networks3204_dvr

VendorProductVersionCPE
march_networks3204_dvr*cpe:2.3:h:march_networks:3204_dvr:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
march_networks	3204_dvr	*	cpe:2.3:h:march_networks:3204_dvr::::::::

References

osvdb.org/39726

secunia.com/advisories/28211

www.milw0rm.com/papers/190

www.securityfocus.com/bid/27054

www.sybsecurity.com/advisors/SYBSEC-ADV14-March_Networks_DVR_3204_Logfile_Information_Disclosure

www.sybsecurity.com/pages/advisors/static/dvr3204_exp.txt

www.sybsecurity.com/resources/static/An_Insecurity_Overview_of_the_March_Networks_DVR-CCTV_3204.pdf

www.exploit-db.com/exploits/4797

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.3

Confidence

Low

EPSS

0.089

Percentile

94.7%

JSON

Related for CVE-2007-6638