There are Abuse of Functionality and Brute Force vulnerabilities in Hikvision DS-7204HWI-SH.
-------------------------
Affected products:
-------------------------
Vulnerable is the next model: Hikvision DS-7204HWI-SH with different versions of firmware.
----------
Details:
----------
Abuse of Functionality (WASC-42):
Login is persistent: admin (only logins for users can be changed). Which simplify Brute Force attack.
Brute Force (WASC-11):
In login form http://site/doc/page/login.asp there is no protection against Brute Force attacks. Which allows to pick up password (if it was changed from default).
I found this and other web cameras during summer to watch terrorists activities in Donetsk and Lugansks regions of Ukraine and also I took under control web cameras in Russia (http://lists.webappsec.org/pi
I mentioned about these vulnerabilities at my site (http://websecurity.com.ua/727
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua