CVE-2007-6638 Information

Description

March Networks DVR 3204 stores sensitive information under the web root with insufficient access control which allows remote attackers to obtain usernames passwords device names and IP addresses via a direct request for scripts/logfiles.tar.gz.

Reference

http://osvdb.org/39726 http://secunia.com/advisories/28211 http://www.milw0rm.com/papers/190 http://www.securityfocus.com/bid/27054 http://www.sybsecurity.com/advisors/SYBSEC-ADV14-March_Networks_DVR_3204_Logfile_Information_Disclosure http://www.sybsecurity.com/pages/advisors/static/dvr3204_exp.txt http://www.sybsecurity.com/resources/static/An_Insecurity_Overview_of_the_March_Networks_DVR-CCTV_3204.pdf https://www.exploit-db.com/exploits/4797