Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Improper Restriction of Excessive Authentication Attempts Vulnerability

Published on March 25th, 2020

Summary

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 suffers from improper restriction of excessive authentication attempts vulnerability

Credit:

The information has been provided by Vendor

The original article can be found at:https://sku11army.blogspot.com/2020/01/hikvision-dvr-ds-7204hghi-user.html

Details

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are allowed.

Vulnerable Systems:

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903

CVE Information:

CVE-2020-7057

Disclosure Timeline:
Published Date:1/14/2020

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Improper Restriction of Excessive Authentication Attempts Vulnerability

Summary

Credit:

Details

News

Minimal Coming Soon & Maintenance Mode through 2.10 Cross-Site Request Forgery (CSRF) Vulnerability

News

HUAWEI Mate 20 smartphones versions 9.1.0.139 Improper Authentication Vulnerability

News

PHPGurukul Dairy Farm Shop Management System 1.0 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Vulnerability

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Improper Restriction of Excessive Authentication Attempts Vulnerability

Summary

Credit:

Details

Related Posts

News

Minimal Coming Soon & Maintenance Mode through 2.10 Cross-Site Request Forgery (CSRF) Vulnerability

News

HUAWEI Mate 20 smartphones versions 9.1.0.139 Improper Authentication Vulnerability

News

PHPGurukul Dairy Farm Shop Management System 1.0 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Vulnerability