CVE-2021-33046

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-33046
Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://support.dahuatech.com/networkSecurity/securityDetails?id=95 Vendor Advisory
https://www.dahuasecurity.com/support/cybersecurity/details/957 Not Applicable
https://www.dahuasecurity.com/support/cybersecurity/details/987 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dahuasecurity:ipc-hx1xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:ipc-hx1xxx:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:ipc-hx2xxx:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dahuasecurity:ipc-hx5\(4\)\(3\)xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:ipc-hx5\(4\)\(3\)xxx:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dahuasecurity:sd1a1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd1a1:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:dahuasecurity:sd22_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd22:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dahuasecurity:sd49_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd49:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:dahuasecurity:tpc-bf1241_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:tpc-bf1241:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:dahuasecurity:tpc-bf2221_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:tpc-bf2221:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:dahuasecurity:tpc-bf5x01_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:tpc-bf5x01:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:dahuasecurity:tpc-pt8x21x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:tpc-pt8x21x:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:dahuasecurity:tpc-sd2221_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:tpc-sd2221:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:dahuasecurity:tpc-sd8x21_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:tpc-sd8x21:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:dahuasecurity:nvr1xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:nvr1xxx:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:dahuasecurity:nvr2xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:nvr2xxx:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:dahuasecurity:nvr4xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:nvr4xxx:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:dahuasecurity:nvr5xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:nvr5xxx:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:dahuasecurity:xvr4xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:xvr4xxx:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:dahuasecurity:xvr5xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:xvr5xxx:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:dahuasecurity:xvr7xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:xvr7xxx:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:dahuasecurity:hcvr7xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:hcvr7xxx:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:dahuasecurity:hcvr8xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:hcvr8xxx:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:dahuasecurity:vtox20xf_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:vtox20xf:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:dahuasecurity:asc2204c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:asc2204c:-:*:*:*:*:*:*:*
History

25 Jan 2022, 15:13

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : 7.5
v3 : 9.8
First Time Dahuasecurity tpc-sd8x21 Firmware
Dahuasecurity sd22
Dahuasecurity hcvr7xxx
Dahuasecurity xvr5xxx
Dahuasecurity ipc-hx2xxx Firmware
Dahuasecurity tpc-bf2221 Firmware
Dahuasecurity tpc-pt8x21x
Dahuasecurity nvr1xxx Firmware
Dahuasecurity nvr5xxx
Dahuasecurity sd6al Firmware
Dahuasecurity ipc-hx3xxx Firmware
Dahuasecurity ipc-hx5xxx
Dahuasecurity asc2204c Firmware
Dahuasecurity sd50 Firmware
Dahuasecurity vtox20xf Firmware
Dahuasecurity ipc-hx2xxx
Dahuasecurity hcvr7xxx Firmware
Dahuasecurity ipc-hx5\(4\)\(3\)xxx
Dahuasecurity
Dahuasecurity xvr7xxx
Dahuasecurity tpc-bf1241
Dahuasecurity tpc-bf5x01
Dahuasecurity sd1a1
Dahuasecurity hcvr8xxx
Dahuasecurity ipc-hx1xxx Firmware
Dahuasecurity tpc-sd2221 Firmware
Dahuasecurity ipc-hx1xxx
Dahuasecurity xvr4xxx
Dahuasecurity sd49 Firmware
Dahuasecurity tpc-bf2221
Dahuasecurity xvr5xxx Firmware
Dahuasecurity nvr5xxx Firmware
Dahuasecurity nvr4xxx
Dahuasecurity nvr4xxx Firmware
Dahuasecurity xvr4xxx Firmware
Dahuasecurity tpc-sd8x21
Dahuasecurity nvr1xxx
Dahuasecurity ipc-hx5xxx Firmware
Dahuasecurity vtox20xf
Dahuasecurity ipc-hx5\(4\)\(3\)xxx Firmware
Dahuasecurity ipc-hx3xxx
Dahuasecurity sd22 Firmware
Dahuasecurity sd6al
Dahuasecurity tpc-bf1241 Firmware
Dahuasecurity sd50
Dahuasecurity sd52c
Dahuasecurity hcvr8xxx Firmware
Dahuasecurity tpc-pt8x21x Firmware
Dahuasecurity sd52c Firmware
Dahuasecurity tpc-bf5x01 Firmware
Dahuasecurity sd49
Dahuasecurity tpc-sd2221
Dahuasecurity xvr7xxx Firmware
Dahuasecurity nvr2xxx
Dahuasecurity sd1a1 Firmware
Dahuasecurity nvr2xxx Firmware
Dahuasecurity asc2204c
CPE cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:sd49_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:tpc-bf2221:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:nvr5xxx:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:hcvr8xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:ipc-hx5\(4\)\(3\)xxx:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:tpc-bf5x01:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:xvr7xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:xvr7xxx:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:vtox20xf:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:xvr4xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:tpc-bf2221_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:tpc-pt8x21x:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:tpc-sd2221:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd1a1:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:nvr1xxx:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:nvr5xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:tpc-sd8x21:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:sd22_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:xvr5xxx:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:nvr4xxx:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:ipc-hx1xxx:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:hcvr7xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:tpc-bf5x01_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:hcvr8xxx:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:xvr5xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:asc2204c:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:tpc-sd8x21_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:nvr1xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:nvr2xxx:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:ipc-hx2xxx:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:sd1a1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:ipc-hx1xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:ipc-hx5\(4\)\(3\)xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:tpc-bf1241:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:hcvr7xxx:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:tpc-pt8x21x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd49:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:vtox20xf_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd22:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:tpc-bf1241_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:tpc-sd2221_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:xvr4xxx:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:nvr4xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:asc2204c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:nvr2xxx_firmware:*:*:*:*:*:*:*:*
CWE CWE-287
References (CONFIRM) https://www.dahuasecurity.com/support/cybersecurity/details/987 - (CONFIRM) https://www.dahuasecurity.com/support/cybersecurity/details/987 - Vendor Advisory
References (CONFIRM) https://support.dahuatech.com/networkSecurity/securityDetails?id=95 - (CONFIRM) https://support.dahuatech.com/networkSecurity/securityDetails?id=95 - Vendor Advisory
References (MISC) https://www.dahuasecurity.com/support/cybersecurity/details/957 - (MISC) https://www.dahuasecurity.com/support/cybersecurity/details/957 - Not Applicable

14 Jan 2022, 19:15

Type Values Removed Values Added
References
  • (CONFIRM) https://www.dahuasecurity.com/support/cybersecurity/details/987 -
  • (CONFIRM) https://support.dahuatech.com/networkSecurity/securityDetails?id=95 -

13 Jan 2022, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-01-13 21:15

Updated : 2023-12-10 14:09

NVD link : CVE-2021-33046

Mitre link : CVE-2021-33046

CVE.ORG link : CVE-2021-33046

JSON object : View

Products Affected

dahuasecurity

  • tpc-bf2221_firmware
  • xvr7xxx
  • ipc-hx1xxx
  • xvr7xxx_firmware
  • tpc-sd2221_firmware
  • sd49_firmware
  • tpc-bf1241_firmware
  • nvr4xxx
  • sd52c_firmware
  • hcvr7xxx_firmware
  • ipc-hx2xxx_firmware
  • ipc-hx2xxx
  • ipc-hx5\(4\)\(3\)xxx_firmware
  • xvr5xxx_firmware
  • vtox20xf
  • tpc-sd8x21
  • sd49
  • tpc-bf1241
  • xvr4xxx
  • hcvr7xxx
  • sd22_firmware
  • hcvr8xxx
  • tpc-bf2221
  • xvr5xxx
  • ipc-hx3xxx
  • sd52c
  • ipc-hx5\(4\)\(3\)xxx
  • sd50
  • sd6al
  • asc2204c_firmware
  • nvr2xxx
  • tpc-bf5x01_firmware
  • tpc-pt8x21x_firmware
  • asc2204c
  • sd50_firmware
  • ipc-hx5xxx
  • nvr1xxx_firmware
  • nvr4xxx_firmware
  • xvr4xxx_firmware
  • nvr5xxx_firmware
  • nvr5xxx
  • ipc-hx5xxx_firmware
  • sd22
  • ipc-hx3xxx_firmware
  • nvr1xxx
  • tpc-pt8x21x
  • sd6al_firmware
  • nvr2xxx_firmware
  • sd1a1
  • hcvr8xxx_firmware
  • tpc-bf5x01
  • ipc-hx1xxx_firmware
  • sd1a1_firmware
  • vtox20xf_firmware
  • tpc-sd2221
  • tpc-sd8x21_firmware
CWE
CWE-287

Improper Authentication