CVSS: 10.0EPSS: 83%CPEs: 38EXPL: 3CVE-2021-33045 – Dahua IP Camera Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-33045
15 Sep 2021 — The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. Una vulnerabilidad de omisión de autenticación de identidad encontrada en algunos productos Dahua durante el proceso de inicio de sesión. Los atacantes pueden omitir la autenticación de identidad del dispositivo al construir paquetes de datos maliciosos Various Dahua products suffers from multiple authentication by... • https://github.com/dongpohezui/cve-2021-33045 • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6432
https://notcve.org/view.php?id=CVE-2017-6432
09 Mar 2017 — An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injections of packets, which allows creation of fully privileged new users, in addition to capture of sensitive information. Se ha descubierto un problema en dispositivos Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06. El Dahua DVR Protocol, que opera en el ... • https://nullku7.github.io/stuff/exploit/dahua/2017/03/09/dahua-nvr-authbypass.html • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2017-6342
https://notcve.org/view.php?id=CVE-2017-6342
27 Feb 2017 — An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19. When SmartPSS Software is launched, while on the login screen, the software in the background automatically logs in as admin. This allows sniffing sensitive information identified in CVE-2017-6341 without prior knowledge of the password. This is a different vulnerability than CVE-2013-6117. Dispositivos Dahua DHI-HCVR7216A-... • http://www.securityfocus.com/bid/96454 • CWE-269: Improper Privilege Management •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2017-6341
https://notcve.org/view.php?id=CVE-2017-6341
27 Feb 2017 — Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces, which allows remote attackers to obtain sensitive information by sniffing the network, a different vulnerability than CVE-2013-6117. Dispositivos Dahua DHI-HCVR7216A-S3 con NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2... • http://www.securityfocus.com/bid/96456 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 9.3EPSS: 21%CPEs: 4EXPL: 0CVE-2017-6343
https://notcve.org/view.php?id=CVE-2017-6343
27 Feb 2017 — The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the corresponding password, a different vulnerability than CVE-2013-6117. La interfaz web de los dispostivos Dahua DHI-HCVR7216A-S3 con NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29 ... • http://www.securityfocus.com/bid/96449 • CWE-287: Improper Authentication •