Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for ds-7204hghi-f1_firmware by hikvision

    CVE-2025-66174 (GCVE-0-2025-66174)

    Vulnerability from nvd – Published: 2025-12-19 06:39 – Updated: 2025-12-19 15:41
    VLAI
    Summary
    There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series of commands.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    Impacted products
    Vendor Product Version
    Hikvision DS-7104HGHI-F1 Affected: Versions below V4.30.122_201107 (including V4.30.122_201107)
    Create a notification for this product.
    Hikvision DS-7204HGHI-F1 Affected: Versions below V4.30.122_201107 (including V4.30.122_201107)
    Create a notification for this product.
    Credits
    Aaron J Jose
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66174",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-19T15:41:12.037984Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-287",
                    "description": "CWE-287 Improper Authentication",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-19T15:41:32.976Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DS-7104HGHI-F1",
              "vendor": "Hikvision",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions below V4.30.122_201107 (including V4.30.122_201107)"
                }
              ]
            },
            {
              "product": "DS-7204HGHI-F1",
              "vendor": "Hikvision",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions below V4.30.122_201107 (including V4.30.122_201107)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Aaron J Jose"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series of commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-19T06:45:55.453Z",
            "orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
            "shortName": "hikvision"
          },
          "references": [
            {
              "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/serial-port-privilege-escalation-vulnerabilities-in-some-hikvision-nvr-devices/"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
        "assignerShortName": "hikvision",
        "cveId": "CVE-2025-66174",
        "datePublished": "2025-12-19T06:39:51.404Z",
        "dateReserved": "2025-11-24T08:59:35.903Z",
        "dateUpdated": "2025-12-19T15:41:32.976Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-66173 (GCVE-0-2025-66173)

    Vulnerability from nvd – Published: 2025-12-19 06:39 – Updated: 2025-12-19 15:40
    VLAI
    Summary
    There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted shell environment.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Hikvision DS-7104HGHI-F1 Affected: Versions below V4.30.122_201107 (including V4.30.122_201107)
    Create a notification for this product.
    Hikvision DS-7204HGHI-F1 Affected: Versions below V4.30.122_201107 (including V4.30.122_201107)
    Create a notification for this product.
    Credits
    Aaron J Jose
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66173",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-19T15:40:25.549400Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-19T15:40:52.217Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DS-7104HGHI-F1",
              "vendor": "Hikvision",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions below V4.30.122_201107 (including V4.30.122_201107)"
                }
              ]
            },
            {
              "product": "DS-7204HGHI-F1",
              "vendor": "Hikvision",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions below V4.30.122_201107 (including V4.30.122_201107)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Aaron J Jose"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted shell environment."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-19T06:45:40.814Z",
            "orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
            "shortName": "hikvision"
          },
          "references": [
            {
              "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/serial-port-privilege-escalation-vulnerabilities-in-some-hikvision-nvr-devices/"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
        "assignerShortName": "hikvision",
        "cveId": "CVE-2025-66173",
        "datePublished": "2025-12-19T06:39:38.504Z",
        "dateReserved": "2025-11-24T08:59:35.902Z",
        "dateUpdated": "2025-12-19T15:40:52.217Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-7057 (GCVE-0-2020-7057)

    Vulnerability from nvd – Published: 2020-01-14 21:28 – Updated: 2024-08-04 09:18
    VLAI
    Summary
    Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are allowed.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:18:03.020Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sku11army.blogspot.com/2020/01/hikvision-dvr-ds-7204hghi-user.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are allowed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-14T22:09:11.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sku11army.blogspot.com/2020/01/hikvision-dvr-ds-7204hghi-user.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-7057",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are allowed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://sku11army.blogspot.com/2020/01/hikvision-dvr-ds-7204hghi-user.html",
                  "refsource": "MISC",
                  "url": "https://sku11army.blogspot.com/2020/01/hikvision-dvr-ds-7204hghi-user.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-7057",
        "datePublished": "2020-01-14T21:28:51.000Z",
        "dateReserved": "2020-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:18:03.020Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-66174 (GCVE-0-2025-66174)

    Vulnerability from cvelistv5 – Published: 2025-12-19 06:39 – Updated: 2025-12-19 15:41
    VLAI
    Summary
    There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series of commands.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    Impacted products
    Vendor Product Version
    Hikvision DS-7104HGHI-F1 Affected: Versions below V4.30.122_201107 (including V4.30.122_201107)
    Create a notification for this product.
    Hikvision DS-7204HGHI-F1 Affected: Versions below V4.30.122_201107 (including V4.30.122_201107)
    Create a notification for this product.
    Credits
    Aaron J Jose
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66174",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-19T15:41:12.037984Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-287",
                    "description": "CWE-287 Improper Authentication",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-19T15:41:32.976Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DS-7104HGHI-F1",
              "vendor": "Hikvision",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions below V4.30.122_201107 (including V4.30.122_201107)"
                }
              ]
            },
            {
              "product": "DS-7204HGHI-F1",
              "vendor": "Hikvision",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions below V4.30.122_201107 (including V4.30.122_201107)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Aaron J Jose"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series of commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-19T06:45:55.453Z",
            "orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
            "shortName": "hikvision"
          },
          "references": [
            {
              "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/serial-port-privilege-escalation-vulnerabilities-in-some-hikvision-nvr-devices/"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
        "assignerShortName": "hikvision",
        "cveId": "CVE-2025-66174",
        "datePublished": "2025-12-19T06:39:51.404Z",
        "dateReserved": "2025-11-24T08:59:35.903Z",
        "dateUpdated": "2025-12-19T15:41:32.976Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-66173 (GCVE-0-2025-66173)

    Vulnerability from cvelistv5 – Published: 2025-12-19 06:39 – Updated: 2025-12-19 15:40
    VLAI
    Summary
    There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted shell environment.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Vendor Product Version
    Hikvision DS-7104HGHI-F1 Affected: Versions below V4.30.122_201107 (including V4.30.122_201107)
    Create a notification for this product.
    Hikvision DS-7204HGHI-F1 Affected: Versions below V4.30.122_201107 (including V4.30.122_201107)
    Create a notification for this product.
    Credits
    Aaron J Jose
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-66173",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-19T15:40:25.549400Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-269",
                    "description": "CWE-269 Improper Privilege Management",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-19T15:40:52.217Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "DS-7104HGHI-F1",
              "vendor": "Hikvision",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions below V4.30.122_201107 (including V4.30.122_201107)"
                }
              ]
            },
            {
              "product": "DS-7204HGHI-F1",
              "vendor": "Hikvision",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions below V4.30.122_201107 (including V4.30.122_201107)"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Aaron J Jose"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted shell environment."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-19T06:45:40.814Z",
            "orgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
            "shortName": "hikvision"
          },
          "references": [
            {
              "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/serial-port-privilege-escalation-vulnerabilities-in-some-hikvision-nvr-devices/"
            }
          ],
          "x_generator": {
            "engine": "cveClient/1.0.15"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "da451dce-859b-4e51-8b87-9c8b60d19b32",
        "assignerShortName": "hikvision",
        "cveId": "CVE-2025-66173",
        "datePublished": "2025-12-19T06:39:38.504Z",
        "dateReserved": "2025-11-24T08:59:35.902Z",
        "dateUpdated": "2025-12-19T15:40:52.217Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-7057 (GCVE-0-2020-7057)

    Vulnerability from cvelistv5 – Published: 2020-01-14 21:28 – Updated: 2024-08-04 09:18
    VLAI
    Summary
    Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are allowed.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:18:03.020Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sku11army.blogspot.com/2020/01/hikvision-dvr-ds-7204hghi-user.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are allowed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-14T22:09:11.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sku11army.blogspot.com/2020/01/hikvision-dvr-ds-7204hghi-user.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-7057",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are allowed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://sku11army.blogspot.com/2020/01/hikvision-dvr-ds-7204hghi-user.html",
                  "refsource": "MISC",
                  "url": "https://sku11army.blogspot.com/2020/01/hikvision-dvr-ds-7204hghi-user.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-7057",
        "datePublished": "2020-01-14T21:28:51.000Z",
        "dateReserved": "2020-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:18:03.020Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }