CVE-2021-33045

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-33045
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2021/Oct/13 Exploit Mailing List Third Party Advisory
https://www.dahuasecurity.com/support/cybersecurity/details/957 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dahuasecurity:ipc-hum7xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:ipc-hum7xxx:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dahuasecurity:nvr-1xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:nvr-1xxx:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dahuasecurity:nvr-2xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:nvr-2xxx:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dahuasecurity:nvr-4xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:nvr-4xxx:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:dahuasecurity:nvr-5xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:nvr-5xxx:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dahuasecurity:nvr-6xx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:nvr-6xx:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:dahuasecurity:vth-542xh_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:vth-542xh:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:dahuasecurity:vto-65xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:vto-65xxx:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:dahuasecurity:vto-75x95x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:vto-75x95x:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:dahuasecurity:xvr-4x04_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:xvr-4x04:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:dahuasecurity:xvr-4x08_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:xvr-4x08:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:dahuasecurity:xvr-4x04_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:xvr-4x04:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:dahuasecurity:xvr-5x04_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:xvr-5x04:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:dahuasecurity:xvr-5x08_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:xvr-5x08:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:dahuasecurity:xvr-5x16_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:xvr-5x16:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:dahuasecurity:xvr-7x16_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:xvr-7x16:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:dahuasecurity:xvr-7x32_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:xvr-7x32:-:*:*:*:*:*:*:*
History

02 Dec 2021, 13:49

Type Values Removed Values Added
References (FULLDISC) http://seclists.org/fulldisclosure/2021/Oct/13 - (FULLDISC) http://seclists.org/fulldisclosure/2021/Oct/13 - Exploit, Mailing List, Third Party Advisory
References (MISC) http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html - (MISC) http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html - Exploit, Third Party Advisory, VDB Entry

06 Oct 2021, 17:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html -

06 Oct 2021, 05:15

Type Values Removed Values Added
References
  • (FULLDISC) http://seclists.org/fulldisclosure/2021/Oct/13 -

30 Sep 2021, 16:47

Type Values Removed Values Added
References (MISC) https://www.dahuasecurity.com/support/cybersecurity/details/957 - (MISC) https://www.dahuasecurity.com/support/cybersecurity/details/957 - Vendor Advisory
CWE CWE-287
CPE cpe:2.3:o:dahuasecurity:nvr-1xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:xvr-5x04:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:ipc-hum7xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:nvr-1xxx:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:xvr-5x16:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:xvr-4x08_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:nvr-5xxx:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:xvr-5x08:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:xvr-5x16_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:xvr-4x08:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:xvr-4x04:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:nvr-2xxx:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:nvr-6xx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:vto-75x95x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:vto-65xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:xvr-4x04_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:nvr-4xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:xvr-7x16_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:nvr-2xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:xvr-7x32:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:nvr-6xx:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:ipc-hum7xxx:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:nvr-4xxx:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:xvr-7x16:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:vth-542xh:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:vto-75x95x:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:vth-542xh_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:xvr-7x32_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:nvr-5xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:vto-65xxx:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:xvr-4x04_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:xvr-5x08_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:xvr-5x04_firmware:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : 10.0
v3 : 9.8

15 Sep 2021, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2021-09-15 22:15

Updated : 2023-12-10 14:09

NVD link : CVE-2021-33045

Mitre link : CVE-2021-33045

CVE.ORG link : CVE-2021-33045

JSON object : View

Products Affected

dahuasecurity

  • nvr-1xxx
  • nvr-5xxx_firmware
  • vto-65xxx_firmware
  • ipc-hum7xxx
  • xvr-7x16
  • xvr-4x04
  • xvr-7x32
  • nvr-6xx_firmware
  • vth-542xh
  • nvr-1xxx_firmware
  • nvr-2xxx
  • xvr-4x04_firmware
  • nvr-4xxx_firmware
  • ipc-hx5xxx
  • xvr-7x16_firmware
  • nvr-2xxx_firmware
  • xvr-7x32_firmware
  • ipc-hx3xxx
  • vth-542xh_firmware
  • nvr-6xx
  • xvr-5x08_firmware
  • ipc-hx5xxx_firmware
  • nvr-4xxx
  • vto-75x95x
  • xvr-5x08
  • xvr-5x16_firmware
  • xvr-5x04_firmware
  • xvr-5x04
  • xvr-4x08_firmware
  • xvr-5x16
  • xvr-4x08
  • vto-65xxx
  • vto-75x95x_firmware
  • ipc-hum7xxx_firmware
  • nvr-5xxx
  • ipc-hx3xxx_firmware
CWE
CWE-287

Improper Authentication