CVE-2020-7057

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are allowed.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:hikvision:ds-7204hghi-f1_firmware:4.0.1:180903:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-7204hghi-f1:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-01-14 22:15

Updated : 2024-02-28 17:28


NVD link : CVE-2020-7057

Mitre link : CVE-2020-7057

CVE.ORG link : CVE-2020-7057


JSON object : View

Products Affected

hikvision

  • ds-7204hghi-f1
  • ds-7204hghi-f1_firmware
CWE
CWE-307

Improper Restriction of Excessive Authentication Attempts