Unrated severityNVD Advisory· Published Jan 4, 2008· Updated Apr 23, 2026

CVE-2007-6638

Description

March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.

Affected products

March Networks/3204 Dvr
cpe:2.3:h:march_networks:3204_dvr:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/27054nvdExploit
secunia.com/advisories/28211nvdVendor Advisory
osvdb.org/39726nvd
www.milw0rm.com/papers/190nvd
www.sybsecurity.com/advisors/SYBSEC-ADV14-March_Networks_DVR_3204_Logfile_Information_Disclosurenvd
www.sybsecurity.com/pages/advisors/static/dvr3204_exp.txtnvd
www.sybsecurity.com/resources/static/An_Insecurity_Overview_of_the_March_Networks_DVR-CCTV_3204.pdfnvd
www.exploit-db.com/exploits/4797nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000