Home / Early Warning / Vulnerabilidades / CVE-2020-7057

CVE-2020-7057

Type: 
Unavailable / Other
Severity: 
Medium
Publication date: 
01/14/2020
Last modified: 
01/24/2020
Description
Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are allowed.
Impact
Access Vector: Through network
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: No impact on system integrity + Partially affects on system confidentiality + No impact on system availability
Vulnerable software and versions
  • cpe:2.3:o:hikvision:ds-7204hghi-f1_firmware:4.0.1:180903:*:*:*:*:*:*
  • cpe:2.3:h:hikvision:ds-7204hghi-f1:-:*:*:*:*:*:*:*
To consult the complete list of products and versions see this page
References to Advisories, Solutions, and Tools
Explanation of fields