CVE-2021-33044
Dahua IP Camera Authentication Bypass Vulnerability
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
4
*Multiple Sources
Exploited in Wild
Yes
*KEV
Decision
Act
*SSVC
Descriptions
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
Una vulnerabilidad de omisión de autenticación de identidad encontrada en algunos productos Dahua durante el proceso de inicio de sesión. Los atacantes pueden omitir la autenticación de la identidad del dispositivo al construir paquetes de datos maliciosos
Various Dahua products suffers from multiple authentication bypass vulnerabilities.
Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument is specified by the client during authentication.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Act
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-05-17 CVE Reserved
- 2021-09-15 CVE Published
- 2022-01-09 First Exploit
- 2024-08-21 Exploited in Wild
- 2024-08-22 EPSS Updated
- 2024-09-05 CVE Updated
- 2024-09-11 KEV Due Date
CWE
- CWE-287: Improper Authentication
CAPEC
References (5)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/dorkerdevil/CVE-2021-33044 | 2022-01-09 | |
| https://github.com/haingn/LoHongCam-CVE-2021-33044 | 2022-01-09 | |
| http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html | 2024-09-05 | |
| http://seclists.org/fulldisclosure/2021/Oct/13 | 2024-09-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.dahuasecurity.com/support/cybersecurity/details/957 | 2021-12-02 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dahuasecurity Search vendor "Dahuasecurity" | Ipc-hum7xxx Firmware Search vendor "Dahuasecurity" for product "Ipc-hum7xxx Firmware" | < 2.820.0000000.5.r.210705 Search vendor "Dahuasecurity" for product "Ipc-hum7xxx Firmware" and version " < 2.820.0000000.5.r.210705" | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Ipc-hum7xxx Search vendor "Dahuasecurity" for product "Ipc-hum7xxx" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Ipc-hx3xxx Firmware Search vendor "Dahuasecurity" for product "Ipc-hx3xxx Firmware" | < 2.800.0000000.29.r.210630 Search vendor "Dahuasecurity" for product "Ipc-hx3xxx Firmware" and version " < 2.800.0000000.29.r.210630" | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Ipc-hx3xxx Search vendor "Dahuasecurity" for product "Ipc-hx3xxx" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Ipc-hx5xxx Firmware Search vendor "Dahuasecurity" for product "Ipc-hx5xxx Firmware" | < 2.820.0000000.18.r.210705 Search vendor "Dahuasecurity" for product "Ipc-hx5xxx Firmware" and version " < 2.820.0000000.18.r.210705" | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Ipc-hx5xxx Search vendor "Dahuasecurity" for product "Ipc-hx5xxx" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Sd1a1 Firmware Search vendor "Dahuasecurity" for product "Sd1a1 Firmware" | < 2.812.0000007.0.r.210706 Search vendor "Dahuasecurity" for product "Sd1a1 Firmware" and version " < 2.812.0000007.0.r.210706" | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Sd1a1 Search vendor "Dahuasecurity" for product "Sd1a1" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Sd22 Firmware Search vendor "Dahuasecurity" for product "Sd22 Firmware" | < 2.812.0000007.0.r.210706 Search vendor "Dahuasecurity" for product "Sd22 Firmware" and version " < 2.812.0000007.0.r.210706" | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Sd22 Search vendor "Dahuasecurity" for product "Sd22" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Sd41 Firmware Search vendor "Dahuasecurity" for product "Sd41 Firmware" | < 2.812.0000007.0.r.210706 Search vendor "Dahuasecurity" for product "Sd41 Firmware" and version " < 2.812.0000007.0.r.210706" | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Sd41 Search vendor "Dahuasecurity" for product "Sd41" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Sd50 Firmware Search vendor "Dahuasecurity" for product "Sd50 Firmware" | < 2.812.0000007.0.r.210706 Search vendor "Dahuasecurity" for product "Sd50 Firmware" and version " < 2.812.0000007.0.r.210706" | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Sd50 Search vendor "Dahuasecurity" for product "Sd50" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Sd52c Firmware Search vendor "Dahuasecurity" for product "Sd52c Firmware" | < 2.812.0000007.0.r.210706 Search vendor "Dahuasecurity" for product "Sd52c Firmware" and version " < 2.812.0000007.0.r.210706" | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Sd52c Search vendor "Dahuasecurity" for product "Sd52c" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Sd6al Firmware Search vendor "Dahuasecurity" for product "Sd6al Firmware" | < 2.812.0000007.0.r.210706 Search vendor "Dahuasecurity" for product "Sd6al Firmware" and version " < 2.812.0000007.0.r.210706" | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Sd6al Search vendor "Dahuasecurity" for product "Sd6al" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Tpc-bf1241 Firmware Search vendor "Dahuasecurity" for product "Tpc-bf1241 Firmware" | < 2.630.0000000.6.r.210707 Search vendor "Dahuasecurity" for product "Tpc-bf1241 Firmware" and version " < 2.630.0000000.6.r.210707" | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Tpc-bf1241 Search vendor "Dahuasecurity" for product "Tpc-bf1241" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Tpc-bf2221 Firmware Search vendor "Dahuasecurity" for product "Tpc-bf2221 Firmware" | < 2.630.0000000.10.r.210707 Search vendor "Dahuasecurity" for product "Tpc-bf2221 Firmware" and version " < 2.630.0000000.10.r.210707" | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Tpc-bf2221 Search vendor "Dahuasecurity" for product "Tpc-bf2221" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Tpc-bf5x01 Firmware Search vendor "Dahuasecurity" for product "Tpc-bf5x01 Firmware" | < 2.630.0000000.12.r.210707 Search vendor "Dahuasecurity" for product "Tpc-bf5x01 Firmware" and version " < 2.630.0000000.12.r.210707" | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Tpc-bf5x01 Search vendor "Dahuasecurity" for product "Tpc-bf5x01" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Tpc-pt8x21b Firmware Search vendor "Dahuasecurity" for product "Tpc-pt8x21b Firmware" | < 2.630.0000000.10.r.210701 Search vendor "Dahuasecurity" for product "Tpc-pt8x21b Firmware" and version " < 2.630.0000000.10.r.210701" | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Tpc-pt8x21b Search vendor "Dahuasecurity" for product "Tpc-pt8x21b" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Tpc-sd2221 Firmware Search vendor "Dahuasecurity" for product "Tpc-sd2221 Firmware" | <= 2.630.0000000.7.r.210707 Search vendor "Dahuasecurity" for product "Tpc-sd2221 Firmware" and version " <= 2.630.0000000.7.r.210707" | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Tpc-sd2221 Search vendor "Dahuasecurity" for product "Tpc-sd2221" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Tpc-sd8x21 Firmware Search vendor "Dahuasecurity" for product "Tpc-sd8x21 Firmware" | < 2.630.0000000.9.r.210706 Search vendor "Dahuasecurity" for product "Tpc-sd8x21 Firmware" and version " < 2.630.0000000.9.r.210706" | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Tpc-sd8x21 Search vendor "Dahuasecurity" for product "Tpc-sd8x21" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Vto-65xxx Firmware Search vendor "Dahuasecurity" for product "Vto-65xxx Firmware" | < 4.300.0000004.0.r.210715 Search vendor "Dahuasecurity" for product "Vto-65xxx Firmware" and version " < 4.300.0000004.0.r.210715" | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Vto-65xxx Search vendor "Dahuasecurity" for product "Vto-65xxx" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Vto-75x95x Firmware Search vendor "Dahuasecurity" for product "Vto-75x95x Firmware" | < 4.300.0000003.0.r.210714 Search vendor "Dahuasecurity" for product "Vto-75x95x Firmware" and version " < 4.300.0000003.0.r.210714" | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Vto-75x95x Search vendor "Dahuasecurity" for product "Vto-75x95x" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Vth-542xh Firmware Search vendor "Dahuasecurity" for product "Vth-542xh Firmware" | < 4.500.0000002.0.r.210715 Search vendor "Dahuasecurity" for product "Vth-542xh Firmware" and version " < 4.500.0000002.0.r.210715" | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Vth-542xh Search vendor "Dahuasecurity" for product "Vth-542xh" | - | - |
Safe
|
| Dahuasecurity Search vendor "Dahuasecurity" | Tpc-bf5x21 Firmware Search vendor "Dahuasecurity" for product "Tpc-bf5x21 Firmware" | < 2.630.0000000.8.r.210630 Search vendor "Dahuasecurity" for product "Tpc-bf5x21 Firmware" and version " < 2.630.0000000.8.r.210630" | - |
Affected
| in | Dahuasecurity Search vendor "Dahuasecurity" | Tpc-bf5x21 Search vendor "Dahuasecurity" for product "Tpc-bf5x21" | - | - |
Safe
|