CVE-2007-6638

March Networks DVR 3204 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-6638. PoCs published by Alex Hernandez, alt3kx.

AI-analyzed exploit summary This Perl script exploits an information disclosure vulnerability in March Networks DVR 3204 by attempting to fetch log files without authentication. It checks for the presence of specific paths, including /scripts/logfiles.tar.gz, which can reveal sensitive information such as credentials and IP addresses.

Description

March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Alex Hernandez · perlremotehardware

https://www.exploit-db.com/exploits/4797

View Code ZIP pw:eip

This Perl script exploits an information disclosure vulnerability in March Networks DVR 3204 by attempting to fetch log files without authentication. It checks for the presence of specific paths, including /scripts/logfiles.tar.gz, which can reveal sensitive information such as credentials and IP addresses.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: March Networks DVR 3204

No auth needed

Prerequisites: Network access to the target DVR device

MITRE ATT&CK

T1083 - File and Directory Discovery T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WRITEUP

by alt3kx · poc

https://github.com/alt3kx/CVE-2007-6638