CVE-2007-6638

Exploit

EPSS 8.25%
Veröffentlicht 04.01.2008 00:46:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

March Networks ≫ 3204 Dvr

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	8.25%	0.919

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://osvdb.org/39726

http://secunia.com/advisories/28211

Vendor Advisory

http://www.milw0rm.com/papers/190

http://www.securityfocus.com/bid/27054

Exploit

http://www.sybsecurity.com/advisors/SYBSEC-ADV14-March_Networks_DVR_3204_Logfile_Information_Disclosure

http://www.sybsecurity.com/pages/advisors/static/dvr3204_exp.txt

http://www.sybsecurity.com/resources/static/An_Insecurity_Overview_of_the_March_Networks_DVR-CCTV_3204.pdf

https://www.exploit-db.com/exploits/4797

https://nvd.nist.gov/vuln/detail/CVE-2007-6638

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-6638

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-6638

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2007-6638