CVE-2021-33046

Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://support.dahuatech.com/networkSecurity/securityDetails?id=95	Vendor Advisory
https://www.dahuasecurity.com/support/cybersecurity/details/957	Not Applicable
https://www.dahuasecurity.com/support/cybersecurity/details/987	Vendor Advisory
https://support.dahuatech.com/networkSecurity/securityDetails?id=95	Vendor Advisory
https://www.dahuasecurity.com/support/cybersecurity/details/957	Not Applicable
https://www.dahuasecurity.com/support/cybersecurity/details/987	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dahuasecurity:ipc-hx1xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx1xxx:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx2xxx:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:dahuasecurity:ipc-hx5\(4\)\(3\)xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx5\(4\)\(3\)xxx:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:dahuasecurity:sd1a1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd1a1:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:dahuasecurity:sd22_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd22:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:dahuasecurity:sd49_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd49:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:dahuasecurity:tpc-bf1241_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-bf1241:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:dahuasecurity:tpc-bf2221_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-bf2221:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:dahuasecurity:tpc-bf5x01_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-bf5x01:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:dahuasecurity:tpc-pt8x21x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-pt8x21x:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:dahuasecurity:tpc-sd2221_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-sd2221:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:dahuasecurity:tpc-sd8x21_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-sd8x21:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:dahuasecurity:nvr1xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:nvr1xxx:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:dahuasecurity:nvr2xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:nvr2xxx:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:dahuasecurity:nvr4xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:nvr4xxx:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:dahuasecurity:nvr5xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:nvr5xxx:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:dahuasecurity:xvr4xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:xvr4xxx:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:dahuasecurity:xvr5xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:xvr5xxx:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:dahuasecurity:xvr7xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:xvr7xxx:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:dahuasecurity:hcvr7xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:hcvr7xxx:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:dahuasecurity:hcvr8xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:hcvr8xxx:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:dahuasecurity:vtox20xf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:vtox20xf:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:dahuasecurity:asc2204c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:asc2204c:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:08

Type	Values Removed	Values Added
References	~~() https://support.dahuatech.com/networkSecurity/securityDetails?id=95 - Vendor Advisory~~	() https://support.dahuatech.com/networkSecurity/securityDetails?id=95 - Vendor Advisory
References	~~() https://www.dahuasecurity.com/support/cybersecurity/details/957 - Not Applicable~~	() https://www.dahuasecurity.com/support/cybersecurity/details/957 - Not Applicable
References	~~() https://www.dahuasecurity.com/support/cybersecurity/details/987 - Vendor Advisory~~	() https://www.dahuasecurity.com/support/cybersecurity/details/987 - Vendor Advisory

25 Jan 2022, 15:13

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.5 v3 : 9.8
CWE		CWE-287
CPE		cpe:2.3:o:dahuasecurity:tpc-sd8x21_firmware:::::::: cpe:2.3:o:dahuasecurity:nvr4xxx_firmware:::::::: cpe:2.3:h:dahuasecurity:ipc-hx2xxx:-:::::::* cpe:2.3:o:dahuasecurity:ipc-hx5\(4\)\(3\)xxx_firmware:::::::: cpe:2.3:h:dahuasecurity:sd22:-:::::::* cpe:2.3:h:dahuasecurity:xvr4xxx:-:::::::* cpe:2.3:h:dahuasecurity:sd6al:-:::::::* cpe:2.3:h:dahuasecurity:tpc-bf2221:-:::::::* cpe:2.3:o:dahuasecurity:hcvr7xxx_firmware:::::::: cpe:2.3:o:dahuasecurity:vtox20xf_firmware:::::::: cpe:2.3:o:dahuasecurity:asc2204c_firmware:::::::: cpe:2.3:o:dahuasecurity:sd1a1_firmware:::::::: cpe:2.3:o:dahuasecurity:tpc-sd2221_firmware:::::::: cpe:2.3:h:dahuasecurity:ipc-hx5\(4\)\(3\)xxx:-:::::::* cpe:2.3:h:dahuasecurity:tpc-sd2221:-:::::::* cpe:2.3:o:dahuasecurity:nvr5xxx_firmware:::::::: cpe:2.3:o:dahuasecurity:sd49_firmware:::::::: cpe:2.3:o:dahuasecurity:xvr5xxx_firmware:::::::: cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:::::::: cpe:2.3:o:dahuasecurity:nvr2xxx_firmware:::::::: cpe:2.3:h:dahuasecurity:vtox20xf:-:::::::* cpe:2.3:h:dahuasecurity:xvr5xxx:-:::::::* cpe:2.3:o:dahuasecurity:tpc-bf1241_firmware:::::::: cpe:2.3:h:dahuasecurity:tpc-pt8x21x:-:::::::* cpe:2.3:o:dahuasecurity:xvr4xxx_firmware:::::::: cpe:2.3:o:dahuasecurity:ipc-hx1xxx_firmware:::::::: cpe:2.3:o:dahuasecurity:tpc-pt8x21x_firmware:::::::: cpe:2.3:o:dahuasecurity:tpc-bf5x01_firmware:::::::: cpe:2.3:h:dahuasecurity:xvr7xxx:-:::::::* cpe:2.3:h:dahuasecurity:sd52c:-:::::::* cpe:2.3:h:dahuasecurity:hcvr8xxx:-:::::::* cpe:2.3:o:dahuasecurity:sd50_firmware:::::::: cpe:2.3:o:dahuasecurity:hcvr8xxx_firmware:::::::: cpe:2.3:h:dahuasecurity:ipc-hx1xxx:-:::::::* cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:::::::: cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:::::::* cpe:2.3:o:dahuasecurity:sd22_firmware:::::::: cpe:2.3:h:dahuasecurity:sd49:-:::::::* cpe:2.3:h:dahuasecurity:nvr5xxx:-:::::::* cpe:2.3:h:dahuasecurity:hcvr7xxx:-:::::::* cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:::::::: cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:::::::* cpe:2.3:h:dahuasecurity:nvr2xxx:-:::::::* cpe:2.3:h:dahuasecurity:asc2204c:-:::::::* cpe:2.3:o:dahuasecurity:xvr7xxx_firmware:::::::: cpe:2.3:h:dahuasecurity:sd1a1:-:::::::* cpe:2.3:o:dahuasecurity:sd6al_firmware:::::::: cpe:2.3:h:dahuasecurity:tpc-bf1241:-:::::::* cpe:2.3:h:dahuasecurity:nvr4xxx:-:::::::* cpe:2.3:h:dahuasecurity:sd50:-:::::::* cpe:2.3:h:dahuasecurity:tpc-bf5x01:-:::::::* cpe:2.3:o:dahuasecurity:tpc-bf2221_firmware:::::::: cpe:2.3:o:dahuasecurity:nvr1xxx_firmware:::::::: cpe:2.3:h:dahuasecurity:tpc-sd8x21:-:::::::* cpe:2.3:o:dahuasecurity:sd52c_firmware:::::::: cpe:2.3:h:dahuasecurity:nvr1xxx:-:::::::*
References	~~(MISC) https://www.dahuasecurity.com/support/cybersecurity/details/957 -~~	(MISC) https://www.dahuasecurity.com/support/cybersecurity/details/957 - Not Applicable
References	~~(CONFIRM) https://www.dahuasecurity.com/support/cybersecurity/details/987 -~~	(CONFIRM) https://www.dahuasecurity.com/support/cybersecurity/details/987 - Vendor Advisory
References	~~(CONFIRM) https://support.dahuatech.com/networkSecurity/securityDetails?id=95 -~~	(CONFIRM) https://support.dahuatech.com/networkSecurity/securityDetails?id=95 - Vendor Advisory

14 Jan 2022, 19:15

Type	Values Removed	Values Added
References		(CONFIRM) https://www.dahuasecurity.com/support/cybersecurity/details/987 - (CONFIRM) https://support.dahuatech.com/networkSecurity/securityDetails?id=95 -

13 Jan 2022, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-01-13 21:15

Updated : 2024-11-21 06:08

NVD link : CVE-2021-33046

Mitre link : CVE-2021-33046

CVE.ORG link : CVE-2021-33046

JSON object : View

Products Affected

dahuasecurity

ipc-hx5xxx_firmware
nvr1xxx_firmware
vtox20xf_firmware
tpc-pt8x21x_firmware
sd50
sd22_firmware
nvr2xxx
xvr4xxx
tpc-sd8x21_firmware
ipc-hx5\(4\)\(3\)xxx
ipc-hx2xxx
sd50_firmware
nvr1xxx
vtox20xf
hcvr8xxx
nvr2xxx_firmware
sd52c_firmware
sd6al_firmware
sd22
xvr5xxx
tpc-bf5x01_firmware
sd52c
nvr4xxx
tpc-sd8x21
hcvr7xxx_firmware
xvr4xxx_firmware
xvr7xxx_firmware
tpc-bf1241_firmware
ipc-hx1xxx
ipc-hx3xxx
tpc-bf2221_firmware
ipc-hx2xxx_firmware
asc2204c_firmware
asc2204c
xvr5xxx_firmware
tpc-bf5x01
nvr4xxx_firmware
nvr5xxx_firmware
xvr7xxx
ipc-hx5xxx
sd49_firmware
tpc-bf1241
ipc-hx1xxx_firmware
ipc-hx3xxx_firmware
sd49
tpc-bf2221
tpc-pt8x21x
tpc-sd2221
ipc-hx5\(4\)\(3\)xxx_firmware
sd6al
sd1a1
sd1a1_firmware
hcvr8xxx_firmware
tpc-sd2221_firmware
hcvr7xxx
nvr5xxx

CWE

CWE-287

Improper Authentication

9.8 /10