CVE-2007-6638

March Networks DVR 3204 - Info Disclosure

Title source: llm

Description

March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Alex Hernandez · perlremotehardware

https://www.exploit-db.com/exploits/4797

View Code ZIP pw:eip

nomisec WRITEUP

by alt3kx · poc

https://github.com/alt3kx/CVE-2007-6638

View Code ZIP pw:eip

References (8)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4797

[Various Sources] http://www.sybsecurity.com/pages/advisors/static/dvr3204_exp.txt

[Exploit] http://www.securityfocus.com/bid/27054

[Various Sources] http://www.sybsecurity.com/advisors/SYBSEC-ADV14-March_Networks_DVR_3204_Logfile_Information_Disclosure

[Third Party Advisory, VDB Entry] http://osvdb.org/39726

[Various Sources] http://www.milw0rm.com/papers/190

[Vendor Advisory] http://secunia.com/advisories/28211

[Various Sources] http://www.sybsecurity.com/resources/static/An_Insecurity_Overview_of_the_March_Networks_DVR-CCTV_3204.pdf

Scores

EPSS 0.0825

EPSS Percentile 92.2%

Details

CWE

CWE-264

Status published

Products (1)

march_networks/3204_dvr

Published Jan 04, 2008

Tracked Since Feb 18, 2026