Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Improper Restriction of Excessive Authentication Attempts Vulnerability

Published on March 25th, 2020

Summary

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 suffers from improper restriction of excessive authentication attempts vulnerability

Credit:

The information has been provided by Vendor

The original article can be found at:https://sku11army.blogspot.com/2020/01/hikvision-dvr-ds-7204hghi-user.html

Details

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are allowed.

Vulnerable Systems:

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903

CVE Information:

CVE-2020-7057

Disclosure Timeline:
Published Date:1/14/2020

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Improper Restriction of Excessive Authentication Attempts Vulnerability

Summary

Credit:

Details

News

Pulse Secure Pulse Connect Secure (PCS) Improper Restriction of Excessive Authentication Attempts Vulnerability

News

Pulse Secure Pulse Connect Secure (PCS) Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) Vulnerability

News

Malwarebytes AdwCleaner 8.0.3 Untrusted Search Path Vulnerability

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Improper Restriction of Excessive Authentication Attempts Vulnerability

Summary

Credit:

Details

Related Posts

News

Pulse Secure Pulse Connect Secure (PCS) Improper Restriction of Excessive Authentication Attempts Vulnerability

News

Pulse Secure Pulse Connect Secure (PCS) Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) Vulnerability

News

Malwarebytes AdwCleaner 8.0.3 Untrusted Search Path Vulnerability