CVE-2021-33044

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-33044
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2021/Oct/13 Exploit Mailing List Third Party Advisory
https://www.dahuasecurity.com/support/cybersecurity/details/957 Vendor Advisory
http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2021/Oct/13 Exploit Mailing List Third Party Advisory
https://www.dahuasecurity.com/support/cybersecurity/details/957 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dahuasecurity:ipc-hum7xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:ipc-hum7xxx:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dahuasecurity:sd1a1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd1a1:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dahuasecurity:sd22_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd22:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dahuasecurity:sd41_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd41:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:dahuasecurity:tpc-bf1241_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:tpc-bf1241:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:dahuasecurity:tpc-bf2221_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:tpc-bf2221:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:dahuasecurity:tpc-bf5x01_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:tpc-bf5x01:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:dahuasecurity:tpc-pt8x21b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:tpc-pt8x21b:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:dahuasecurity:tpc-sd2221_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:tpc-sd2221:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:dahuasecurity:tpc-sd8x21_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:tpc-sd8x21:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:dahuasecurity:vto-65xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:vto-65xxx:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:dahuasecurity:vto-75x95x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:vto-75x95x:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:dahuasecurity:vth-542xh_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:vth-542xh:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:dahuasecurity:tpc-bf5x21_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:tpc-bf5x21:-:*:*:*:*:*:*:*
History

21 Nov 2024, 06:08

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html - Exploit, Third Party Advisory, VDB Entry
References () http://seclists.org/fulldisclosure/2021/Oct/13 - Exploit, Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2021/Oct/13 - Exploit, Mailing List, Third Party Advisory
References () https://www.dahuasecurity.com/support/cybersecurity/details/957 - Vendor Advisory () https://www.dahuasecurity.com/support/cybersecurity/details/957 - Vendor Advisory

02 Dec 2021, 13:50

Type Values Removed Values Added
References (MISC) http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html - (MISC) http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html - Exploit, Third Party Advisory, VDB Entry
References (FULLDISC) http://seclists.org/fulldisclosure/2021/Oct/13 - (FULLDISC) http://seclists.org/fulldisclosure/2021/Oct/13 - Exploit, Mailing List, Third Party Advisory

06 Oct 2021, 17:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html -

06 Oct 2021, 05:15

Type Values Removed Values Added
References
  • (FULLDISC) http://seclists.org/fulldisclosure/2021/Oct/13 -

30 Sep 2021, 16:48

Type Values Removed Values Added
CWE CWE-287
CVSS v2 : unknown
v3 : unknown 		v2 : 10.0
v3 : 9.8
References (MISC) https://www.dahuasecurity.com/support/cybersecurity/details/957 - (MISC) https://www.dahuasecurity.com/support/cybersecurity/details/957 - Vendor Advisory
CPE cpe:2.3:h:dahuasecurity:tpc-bf2221:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:tpc-bf5x21_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:tpc-bf2221_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:sd22_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:tpc-bf5x21:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd41:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:tpc-sd2221_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:tpc-sd8x21:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:vto-75x95x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:tpc-bf1241_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:vth-542xh_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:tpc-sd8x21_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:vth-542xh:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:tpc-bf1241:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd22:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:sd41_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:tpc-pt8x21b_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:sd1a1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:tpc-bf5x01:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:ipc-hum7xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:vto-65xxx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:tpc-pt8x21b:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:vto-75x95x:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:sd1a1:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:tpc-sd2221:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:vto-65xxx:-:*:*:*:*:*:*:*
cpe:2.3:h:dahuasecurity:ipc-hum7xxx:-:*:*:*:*:*:*:*
cpe:2.3:o:dahuasecurity:tpc-bf5x01_firmware:*:*:*:*:*:*:*:*

15 Sep 2021, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2021-09-15 22:15

Updated : 2024-11-21 06:08

NVD link : CVE-2021-33044

Mitre link : CVE-2021-33044

CVE.ORG link : CVE-2021-33044

JSON object : View

Products Affected

dahuasecurity

  • tpc-bf5x01
  • tpc-sd2221_firmware
  • vto-75x95x_firmware
  • vth-542xh
  • ipc-hx3xxx_firmware
  • vth-542xh_firmware
  • ipc-hum7xxx
  • sd6al
  • tpc-sd2221
  • ipc-hx3xxx
  • vto-75x95x
  • sd6al_firmware
  • sd22_firmware
  • sd52c_firmware
  • sd41
  • sd50
  • tpc-bf2221
  • tpc-bf5x01_firmware
  • tpc-pt8x21b_firmware
  • vto-65xxx_firmware
  • sd22
  • sd1a1_firmware
  • ipc-hum7xxx_firmware
  • ipc-hx5xxx_firmware
  • tpc-bf1241
  • sd1a1
  • ipc-hx5xxx
  • tpc-bf2221_firmware
  • vto-65xxx
  • sd52c
  • tpc-bf5x21
  • tpc-sd8x21_firmware
  • tpc-bf5x21_firmware
  • tpc-pt8x21b
  • sd50_firmware
  • sd41_firmware
  • tpc-sd8x21
  • tpc-bf1241_firmware
CWE
CWE-287

Improper Authentication