Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
hikvision ds-k1t320efwx firmware - |
||
hikvision ds-k1t320efx firmware - |
||
hikvision ds-k1t320ewx firmware - |
||
hikvision ds-k1t320ex firmware - |
||
hikvision ds-k1t320mfwx firmware - |
||
hikvision ds-k1t320mfx firmware - |
||
hikvision ds-k1t320mwx firmware - |
||
hikvision ds-k1t320mx firmware - |
||
hikvision ds-k1t341am firmware - |
||
hikvision ds-k1t341amf firmware - |
||
hikvision ds-k1t341cm firmware - |
||
hikvision ds-k1t343ewx firmware - |
||
hikvision ds-k1t343ex firmware - |
||
hikvision ds-k1t343mwx firmware - |
||
hikvision ds-k1t343mx firmware - |
||
hikvision ds-k1t671 firmware - |
||
hikvision ds-k1t671m firmware - |
||
hikvision ds-k1t671mf firmware - |
||
hikvision ds-k1t671t firmware - |
||
hikvision ds-k1t671tm firmware - |
||
hikvision ds-k1t671tm-3xf firmware - |
||
hikvision ds-k1t671tmf firmware - |
||
hikvision ds-k1t671tmfw firmware - |
||
hikvision ds-k1t671tmw firmware - |
||
hikvision ds-k1t804af firmware - |
||
hikvision ds-k1t804amf firmware - |
Vulmon