CVE-2007-6638 | Vulnerability Database | Aqua Security

March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.

Affected Software

Name	Vendor	Start Version	End Version
3204_dvr	March_networks	*	*

References

http://osvdb.org/39726
http://secunia.com/advisories/28211
http://www.milw0rm.com/papers/190
http://www.securityfocus.com/bid/27054
http://www.sybsecurity.com/advisors/SYBSEC-ADV14-March_Networks_DVR_3204_Logfile_Information_Disclosure
http://www.sybsecurity.com/pages/advisors/static/dvr3204_exp.txt
http://www.sybsecurity.com/resources/static/An_Insecurity_Overview_of_the_March_Networks_DVR-CCTV_3204.pdf
https://www.exploit-db.com/exploits/4797
http://osvdb.org/39726
http://secunia.com/advisories/28211
http://www.milw0rm.com/papers/190
http://www.securityfocus.com/bid/27054
http://www.sybsecurity.com/advisors/SYBSEC-ADV14-March_Networks_DVR_3204_Logfile_Information_Disclosure
http://www.sybsecurity.com/pages/advisors/static/dvr3204_exp.txt
http://www.sybsecurity.com/resources/static/An_Insecurity_Overview_of_the_March_Networks_DVR-CCTV_3204.pdf
https://www.exploit-db.com/exploits/4797

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-6638
CWE	https://cwe.mitre.org/data/definitions/264.html