Описание
March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.
March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-6638
- https://www.exploit-db.com/exploits/4797
- http://osvdb.org/39726
- http://secunia.com/advisories/28211
- http://www.milw0rm.com/papers/190
- http://www.securityfocus.com/bid/27054
- http://www.sybsecurity.com/advisors/SYBSEC-ADV14-March_Networks_DVR_3204_Logfile_Information_Disclosure
- http://www.sybsecurity.com/pages/advisors/static/dvr3204_exp.txt
- http://www.sybsecurity.com/resources/static/An_Insecurity_Overview_of_the_March_Networks_DVR-CCTV_3204.pdf
EPSS
CVE ID
Связанные уязвимости
March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.
EPSS