CVE-2020-7057

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are allowed.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:hikvision:ds-7204hghi-f1_firmware:4.0.1:180903:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-7204hghi-f1:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:36

Type Values Removed Values Added
References () https://sku11army.blogspot.com/2020/01/hikvision-dvr-ds-7204hghi-user.html - Exploit, Third Party Advisory () https://sku11army.blogspot.com/2020/01/hikvision-dvr-ds-7204hghi-user.html - Exploit, Third Party Advisory

Information

Published : 2020-01-14 22:15

Updated : 2024-11-21 05:36


NVD link : CVE-2020-7057

Mitre link : CVE-2020-7057

CVE.ORG link : CVE-2020-7057


JSON object : View

Products Affected

hikvision

  • ds-7204hghi-f1
  • ds-7204hghi-f1_firmware
CWE
CWE-307

Improper Restriction of Excessive Authentication Attempts