Vulnerabilities > CVE-2020-7057 - Improper Restriction of Excessive Authentication Attempts vulnerability in Hikvision Ds-7204Hghi-F1 Firmware 4.0.1

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

hikvision

CWE-307

NVD

Published: 2020-01-14

Updated: 2020-01-24

Summary

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are allowed.

Vulnerable Configurations

Part	Description	Count
OS	Hikvision Hikvision DS 7204Hghi F1 Firmware 4.0.1	1
Hardware	Hikvision Hikvision DS 7204Hghi F1 -	1

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://sku11army.blogspot.com/2020/01/hikvision-dvr-ds-7204hghi-user.html