CVE-2020-7057

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are allowed.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:hikvision:ds-7204hghi-f1_firmware:4.0.1:180903:*:*:*:*:*:*
cpe:2.3:h:hikvision:ds-7204hghi-f1:-:*:*:*:*:*:*:*

Information

Published : 2020-01-14 14:15

Updated : 2020-01-24 06:53


NVD link : CVE-2020-7057

Mitre link : CVE-2020-7057


JSON object : View

CWE
CWE-307

Improper Restriction of Excessive Authentication Attempts

Advertisement

dedicated server usa

Products Affected

hikvision

  • ds-7204hghi-f1_firmware
  • ds-7204hghi-f1