Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
hikvision ds-k1t320efwx_firmware - |
||
hikvision ds-k1t320efx_firmware - |
||
hikvision ds-k1t320ewx_firmware - |
||
hikvision ds-k1t320ex_firmware - |
||
hikvision ds-k1t320mfwx_firmware - |
||
hikvision ds-k1t320mfx_firmware - |
||
hikvision ds-k1t320mwx_firmware - |
||
hikvision ds-k1t320mx_firmware - |
||
hikvision ds-k1t341am_firmware - |
||
hikvision ds-k1t341amf_firmware - |
||
hikvision ds-k1t341cm_firmware - |
||
hikvision ds-k1t343ewx_firmware - |
||
hikvision ds-k1t343ex_firmware - |
||
hikvision ds-k1t343mwx_firmware - |
||
hikvision ds-k1t343mx_firmware - |
||
hikvision ds-k1t671_firmware - |
||
hikvision ds-k1t671m_firmware - |
||
hikvision ds-k1t671mf_firmware - |
||
hikvision ds-k1t671t_firmware - |
||
hikvision ds-k1t671tm_firmware - |
||
hikvision ds-k1t671tm-3xf_firmware - |
||
hikvision ds-k1t671tmf_firmware - |
||
hikvision ds-k1t671tmfw_firmware - |
||
hikvision ds-k1t671tmw_firmware - |
||
hikvision ds-k1t804af_firmware - |
||
hikvision ds-k1t804amf_firmware - |
Vulmon