CVE-2020-7057

MEDIUM

Hikvision DS-7204HGHI-F1 Firmware - User Enumeration via Login Response Discrepancy


Description

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are allowed.

References (1)


Scores

CVSS v3: 5.3
EPSS: 0.0110
EPSS Percentile: 61.3%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE: CWE-307
Status: published
Products (1): hikvision/ds-7204hghi-f1_firmware 4.0.1 180903
Published: Jan 14, 2020
Tracked Since: Feb 18, 2026