Title

March Networks DVR 3204 Logfile Information Disclosure

ID

SYBSEC-04.DEC.2007

Severity

HIGH

History

09.FEB.2007 Vulnerability discovered
25.NOV.2007 Vendor contacted

Scope

Information Disclosure

Platforms

March Networks DVR 3204

Author

Alex Hernandez <ahernandez [at] sybsecurity [dot] com>

URL

http://www.sybsecurity.com/advisors/SYBSEC-ADV14-March_Networks_DVR_3204_Logfile_Information_Disclosure

Release

Public

Overview

DVRs are essentially small PCs that record television broadcasts, cable, or DirecTV transmissions, depending
on the model, in digital form on a hard drive located inside the recorder.

Affected versions

The vulnerability has been reported in March Networks DVR version 3204.

Description

Since configuration of the IP address, user console and root account is carried out through the "administrator
console", the vulnerability lies within Watchdog's HTTP server application.

Workaround

Upgrade to the current software version, which can be downloaded from:
http://www.marchnetworks.com

Acknowledgments

This vulnerability has been found and researched by:
- Alex Hernandez <ahernandez [at] sybsecurity [dot] com>

References

* MarchNetworks: http://www.marchnetworks.com
* SYB Security: http://www.sybsecurity.com

Details

Any user can obtain the log files without authentication by requesting the path
http://dvraddress/scripts/logfiles.tar.gz. The intruder can then uncompress the tar archive and read config.dat,
which reveals usernames and passwords, names of devices, and IP addresses of other security components attached
to the corporate network.

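For operators who cannot apply the vendor update immediately, the practical question is whether the log archive has already been fetched. The script below is an added example (not part of this advisory or of March Networks' software): it parses web access log lines in Common Log Format, as a reverse proxy or firewall placed in front of the DVR would record them, and flags successful requests to /scripts/logfiles.tar.gz that carried no authenticated user. The log format, the sample lines and the host addresses are constructed assumptions; the DVR's own Watchdog HTTP server is not known to write logs in this format.

```python
import re
from collections import Counter

# Path the advisory reports as reachable without authentication.
SENSITIVE_PATHS = ("/scripts/logfiles.tar.gz",)

# Constructed sample lines in Common Log Format (assumed to come from a proxy
# in front of the DVR; not real DVR output). Fields: host ident user [time]
# "request" status size.
SAMPLE_LOG = """\
10.0.0.5 - - [04/Dec/2007:10:15:01 +0000] "GET /index.html HTTP/1.1" 200 1024
192.168.1.77 - - [04/Dec/2007:10:16:44 +0000] "GET /scripts/logfiles.tar.gz HTTP/1.1" 200 583221
10.0.0.5 - admin [04/Dec/2007:10:17:02 +0000] "GET /scripts/logfiles.tar.gz HTTP/1.1" 200 583221
192.168.1.77 - - [04/Dec/2007:10:18:10 +0000] "GET /scripts/logfiles.tar.gz HTTP/1.1" 401 0
"""

LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line):
    """Parse one CLF line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def find_unauthenticated_downloads(log_text):
    """Return (host, time, path) for every 2xx request to a sensitive path
    that the server recorded with no authenticated user ("-")."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]  # ignore any query string
        if (path in SENSITIVE_PATHS
                and rec["status"].startswith("2")
                and rec["user"] == "-"):
            hits.append((rec["host"], rec["time"], path))
    return hits


def summarize_by_host(hits):
    """Count flagged downloads per source host, for triage and blocking."""
    return dict(Counter(host for host, _, _ in hits))


if __name__ == "__main__":
    found = find_unauthenticated_downloads(SAMPLE_LOG)
    for host, when, path in found:
        print(f"ALERT {when} {host} fetched {path} without authentication")
    print("per-host summary:", summarize_by_host(found))
```

Run against real proxy logs, the hits are the hosts to investigate; the authenticated admin download and the rejected 401 request are correctly left out. Until the device is updated, the same path match can be used as a deny rule on the proxy so the archive is no longer reachable from the network at all.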
Exploit tool

dvr3204_exp.txt