CVE-2020-7057

Published: Jan 14, 2020Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are allowed.

Affected (1)

Products: Hikvision: Ds 7204hghi F1 Firmware

1 product

Ds 7204hghi F1 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Hikvision Ds 7204hghi F1 Firmware	Version 4.0.1 180903

Running on/with	Platform Versions
Hikvision Ds 7204hghi F1	All versions

Related CWEs

Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

References (2)

https://sku11army.blogspot.com/2020/01/hikvision-dvr-ds-7204hghi-user.html

Source: cve@mitre.org

ExploitThird Party Advisory

https://sku11army.blogspot.com/2020/01/hikvision-dvr-ds-7204hghi-user.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.