Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Improper Restriction of Excessive Authentication Attempts Vulnerability

Published on March 25th, 2020
Summary

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 suffers from improper restriction of excessive authentication attempts vulnerability

Credit:

The information has been provided by Vendor

The original article can be found at:https://sku11army.blogspot.com/2020/01/hikvision-dvr-ds-7204hghi-user.html


Details

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are allowed.

 

Vulnerable Systems:

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903

 

CVE Information:

CVE-2020-7057

 

Disclosure Timeline:
Published Date:1/14/2020

Categories: News

Related Posts

Featured News

HUAWEI P30 with versions earlier than 10.1.0.160 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

Featured News

HUAWEI P30 with versions earlier than 10.1.0.135 Improper Verification of Cryptographic Signature Vulnerability

Featured News

HUAWEI P30 smartphone versions 10.1.0.135 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability