Описание
March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.
Ссылки
- Vendor Advisory
- Exploit
- Vendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:h:march_networks:3204_dvr:*:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.0825
Низкий
10 Critical
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
почти 4 года назад
March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.
EPSS
Процентиль: 92%
0.0825
Низкий
10 Critical
CVSS2
Дефекты
CWE-264