CVE-2007-6638

Sažetak

March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.

Reference

http://osvdb.org/39726
http://secunia.com/advisories/28211
http://www.milw0rm.com/papers/190
http://www.securityfocus.com/bid/27054
http://www.sybsecurity.com/advisors/SYBSEC-ADV14-March_Networks_DVR_3204_Logfile_Information_Disclosure
http://www.sybsecurity.com/pages/advisors/static/dvr3204_exp.txt
http://www.sybsecurity.com/resources/static/An_Insecurity_Overview_of_the_March_Networks_DVR-CCTV_3204.pdf
https://www.exploit-db.com/exploits/4797

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

29-09-2017 - 01:30

Objavljeno

04-01-2008 - 00:46