CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2020-7057
https://notcve.org/view.php?id=CVE-2020-7057
14 Jan 2020 — Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are allowed. Hikvision DVR DS-7204HGHI-F1 versión V4.0.1 build 180903 Versión Web, envía una respuesta diferente para intentos fallidos de inicio de sesión de ISAPI/Security/sessionLogin/capabilities dependiendo de si la cu... • https://sku11army.blogspot.com/2020/01/hikvision-dvr-ds-7204hghi-user.html • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6414
https://notcve.org/view.php?id=CVE-2018-6414
13 Aug 2018 — A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices. Due to the insufficient input validation, successful exploit can corrupt memory and lead to arbitrary code execution or crash the process. Una vulnerabilidad de desbordamiento de búfer en el servidor web de algunas cámaras IP de Hikvision permite a un atacante enviar un mensaje especialmente manipulado a los dispositivos afectados. Debido a la insuficient... • https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification--buffer-overflow-vulnerability-in-some-hik • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-6413
https://notcve.org/view.php?id=CVE-2018-6413
18 Apr 2018 — There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of V4.1.2 build 160203 and before, and this vulnerability allows remote attackers to launch a denial of service attack (service interruption) via a crafted network setting interface request. Hay un desbordamiento de búfer en Hikvision Camera DS-2CD9111-S, V4.1.2 build 160203 y anteriores, que permite que atacantes remotos lancen un ataque de denegación de servicio (interrupción del servicio) mediante una petición de interfaz de configuración de... • http://www1.hikvision.com/cn/support_det_591_i514.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-14953 – HikVision Wi-Fi IP Camera Wireless Access Point State
https://notcve.org/view.php?id=CVE-2017-14953
28 Nov 2017 — HikVision Wi-Fi IP cameras, when used in a wired configuration, allow physically proximate attackers to trigger association with an arbitrary access point by leveraging a default SSID with no WiFi encryption or authentication. NOTE: Vendor states that this is not a vulnerability, but more an increase to the attack surface of the product ** EN DISPUTA ** Las cámaras IP HikVision, cuando se utilizan en una configuración por cable, permiten que los atacantes cercanos físicamente desencadenen la asociación con ... • http://packetstormsecurity.com/files/145131/HikVision-Wi-Fi-IP-Camera-Wireless-Access-Point-State.html • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13774
https://notcve.org/view.php?id=CVE-2017-13774
30 Aug 2017 — Hikvision iVMS-4200 devices before v2.6.2.7 allow local users to generate password-recovery codes via unspecified vectors. Los dispositivos Hikvision iVMS-4200 en versiones anteriores a la v2.6.2.7 permiten que los usuarios locales generen códigos de recuperación de contraseñas mediante vectores no especificados. • https://ipvm.com/reports/hik-vms-pass • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 116EXPL: 0CVE-2017-7923
https://notcve.org/view.php?id=CVE-2017-7923
06 May 2017 — A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106... • http://www.hikvision.com/us/about_10807.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-260: Password in Configuration File •
CVSS: 10.0EPSS: 31%CPEs: 116EXPL: 15CVE-2017-7921 – Hikvision IP Camera Unauthenticated Password Change Via Improper Authentication Logic
https://notcve.org/view.php?id=CVE-2017-7921
06 May 2017 — An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devic... • https://github.com/JrDw0/CVE-2017-7921-EXP • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0CVE-2015-4409
https://notcve.org/view.php?id=CVE-2015-4409
13 Mar 2017 — Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the SDK issue. Desbordamiento de búfer en dispositivos Hikvision NVR DS-76xxNI-E1/2 y DS-77xxxNI-E4 en versiones anteriores a 3.4.0 permite a usuarios remotos autenticados provocar una denegación de servicio (interrupción del servicio) a través de una petición HTTP manipulada, también conocido como el prob... • http://www.hikvision.com/En/Press-Release-details_435_i1023.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0CVE-2015-4408
https://notcve.org/view.php?id=CVE-2015-4408
13 Mar 2017 — Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the ISAPI issue. Desbordamiento de búfer en dispositivos Hikvision NVR DS-76xxNI-E1/2 y DS-77xxxNI-E4 en versiones anteriores a 3.4.0 permite a usuarios remotos autenticados provocar una denegación de servicio (interrupción del servicio) a través de una petición HTTP manipulada, también conocido como el pr... • http://www.hikvision.com/En/Press-Release-details_435_i1023.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0CVE-2015-4407
https://notcve.org/view.php?id=CVE-2015-4407
13 Mar 2017 — Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the PSIA issue. Desbordamiento de búfer en dispositivos Hikvision NVR DS-76xxNI-E1/2 y DS-77xxxNI-E4 en versiones anteriores a 3.4.0 permite a usuarios remotos autenticados provocar una denegación de servicio (interrupción del servicio) a través de una petición HTTP manipulada, también conocido como el pro... • http://www.hikvision.com/En/Press-Release-details_435_i1023.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •