CVSS: 8.8EPSS: 0%CPEs: 116EXPL: 0CVE-2017-7923
https://notcve.org/view.php?id=CVE-2017-7923
A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The password in configuration file vulnerability could allow a malicious user to escalate privileges or assume the identity of another user and access sensitive information. Se detectó un problema de Contraseña en el Archivo de Configuración en dispositivos DS-2CD2xx2F-I Series versiones V5.2.0 build 140721 hasta V5.4.0 build 160530, DS-2CD2xx0F-I Series versiones V5.2.0 build 140721 hasta 5.4.0 Build 160401, Serie DS-2CD2xx2FWD versiones V5.3.1 build 150410 hasta 5.4.4 Build 161125, Serie DS-2CD4x2xFWD versiones 5.2.0 build 140721 hasta 5.4.0 Build 160414, Serie DS-2CD4xx5 versiones 5.2.0 build 140721 hasta 5.4.0 Build 160421, Serie DS-2DFx versiones 5.2.0 build 140805 hasta versión 5.4.5 Build 160928 y Serie DS-2CD63xx versiones 5.0.9 build 140305 hasta 5.3.5 Build 160106 de Hikvision. La vulnerabilidad de contraseña en el archivo de configuración podría permitir a un usuario malicioso escalar privilegios o asumir la identidad de otro usuario y acceder a información confidencial. • http://www.hikvision.com/us/about_10807.html http://www.securityfocus.com/bid/98313 https://ghostbin.com/paste/q2vq2 https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-260: Password in Configuration File •
CVSS: 10.0EPSS: 1%CPEs: 116EXPL: 8CVE-2017-7921 – Hikvision IP Camera Unauthenticated Password Change Via Improper Authentication Logic
https://notcve.org/view.php?id=CVE-2017-7921
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information. Se detectó un problema de autenticación inapropiada en dispositivos DS-2CD2xx2F-I Series versiones V5.2.0 build 140721 hasta V5.4.0 build 160530, DS-2CD2xx0F-I Series versiones V5.2.0 build 140721 hasta V5.4.0 build 160530, DS-2CD2xx0F-I Series versiones V5.2.0 build 140721 hasta V5.4.0 build 160530, DS-2CD2xx0F-I Series versiones V5.2.0 build 140721 hasta V5.4.0 Build 160401, DS-2CD2xx2FWD Series versiones V5.3.1 build 150410 hasta V5.4.4 Build 161125, DS-2CD4x2xFWD Series versiones 5.2.0 build 140721 hasta V5.4.0 Build 160414, DS-2CD4xx5 Series versiones 5.2.0 build 140721 hasta V5.4.0 Build 160421, DS-2DFx Series versiones 5.2.0 build 140805 hasta V5.4.5 Build 160928 y Serie DS-2CD63xx versión 5.0.9 build 140305 hasta versión V5.3.5 Build 160106 de Hikvision. La vulnerabilidad de autenticación inapropiada ocurre cuando una aplicación no autentica adecuada o apropiadamente a los usuarios. • https://github.com/JrDw0/CVE-2017-7921-EXP https://github.com/BurnyMcDull/CVE-2017-7921 https://github.com/K3ysTr0K3R/CVE-2017-7921-EXPLOIT https://github.com/201646613/CVE-2017-7921 https://github.com/kooroshsanaei/HikVision-CVE-2017-7921 https://github.com/b3pwn3d/CVE-2017-7921 https://github.com/fracergu/CVE-2017-7921 https://github.com/inj3ction/CVE-2017-7921-EXP http://www.hikvision.com/us/about_10805.html http://www.securityfocus.com/bid/98313 https://ghostbin • CWE-287: Improper Authentication •