CVE-2007-6638

Description

March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.

CVSS Version 2.0

nvd

CVE ID: CVE-2007-6638
Base Score: 10.0
Base Severity: HIGH
Vector String:AV:N/AC:L/Au:N/C:C/I:C/A:C

Proof Of Concept

alt3kx

March Networks DVR 3204 - Logfile Information Disclosure

Refrence: GitHub

Refrence: NVD