Title: March Networks 3204 DVR Information Disclosure Vulnerability
Severity: MODERATE
Description:
March Networks 3204 Digital Video Recorder (DVR) is a video recording appliance.
March Networks 3204 DVR is prone to an information-disclosure vulnerability that stems from access-validation error.
Reports indicate that access to the logfiles is not restricted. An attacker can issue an HTTP GET request to the HTTP interface for the 'logfiles.tar.gz' file without providing authentication credentials and then obtain potentially sensitive information, including authentication credentials.
Sensitive information obtained may aid in further attacks.
Affected Products:
- March Networks 3204 DVR
References:
- March Networks: Product Homepage
- SYB Security: SYBSEC-04.DEC.2007 - March Networks DVR 3204 Logfile Information Disclosure
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
