CVE-2021-33045

Dahua IP Camera Authentication Bypass Vulnerability

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

Act

*SSVC

Descriptions

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

Una vulnerabilidad de omisión de autenticación de identidad encontrada en algunos productos Dahua durante el proceso de inicio de sesión. Los atacantes pueden omitir la autenticación de identidad del dispositivo al construir paquetes de datos maliciosos

Various Dahua products suffers from multiple authentication bypass vulnerabilities.

Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Act

Exploitation

Active

Automatable

Yes

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2021-05-17 CVE Reserved
2021-09-15 CVE Published
2023-11-27 First Exploit
2024-08-21 Exploited in Wild
2024-09-05 CVE Updated
2024-09-11 KEV Due Date
2025-01-01 EPSS Updated

CWE

CWE-287: Improper Authentication

CAPEC

References (4)

URL	Tag	Source

URL	Date	SRC
https://github.com/dongpohezui/cve-2021-33045	2023-11-27
http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html	2024-09-05
http://seclists.org/fulldisclosure/2021/Oct/13	2024-09-05

URL	Date	SRC

URL	Date	SRC
https://www.dahuasecurity.com/support/cybersecurity/details/957	2021-12-02

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hum7xxx Firmware Search vendor "Dahuasecurity" for product "Ipc-hum7xxx Firmware"	< 2.820.0000000.5.r.210705 Search vendor "Dahuasecurity" for product "Ipc-hum7xxx Firmware" and version " < 2.820.0000000.5.r.210705"	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hum7xxx Search vendor "Dahuasecurity" for product "Ipc-hum7xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hx3xxx Firmware Search vendor "Dahuasecurity" for product "Ipc-hx3xxx Firmware"	< 2.800.0000000.29.r.210630 Search vendor "Dahuasecurity" for product "Ipc-hx3xxx Firmware" and version " < 2.800.0000000.29.r.210630"	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hx3xxx Search vendor "Dahuasecurity" for product "Ipc-hx3xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hx5xxx Firmware Search vendor "Dahuasecurity" for product "Ipc-hx5xxx Firmware"	< 2.820.0000000.5.r.210705 Search vendor "Dahuasecurity" for product "Ipc-hx5xxx Firmware" and version " < 2.820.0000000.5.r.210705"	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Ipc-hx5xxx Search vendor "Dahuasecurity" for product "Ipc-hx5xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Nvr-1xxx Firmware Search vendor "Dahuasecurity" for product "Nvr-1xxx Firmware"	< 4.001.0000005.1.r.210709 Search vendor "Dahuasecurity" for product "Nvr-1xxx Firmware" and version " < 4.001.0000005.1.r.210709"	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Nvr-1xxx Search vendor "Dahuasecurity" for product "Nvr-1xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Nvr-2xxx Firmware Search vendor "Dahuasecurity" for product "Nvr-2xxx Firmware"	< 4.001.0000000.1.r.210710 Search vendor "Dahuasecurity" for product "Nvr-2xxx Firmware" and version " < 4.001.0000000.1.r.210710"	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Nvr-2xxx Search vendor "Dahuasecurity" for product "Nvr-2xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Nvr-4xxx Firmware Search vendor "Dahuasecurity" for product "Nvr-4xxx Firmware"	< 4.001.0000005.1.r.210713 Search vendor "Dahuasecurity" for product "Nvr-4xxx Firmware" and version " < 4.001.0000005.1.r.210713"	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Nvr-4xxx Search vendor "Dahuasecurity" for product "Nvr-4xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Nvr-5xxx Firmware Search vendor "Dahuasecurity" for product "Nvr-5xxx Firmware"	< 4.001.0000000.0.r.210710 Search vendor "Dahuasecurity" for product "Nvr-5xxx Firmware" and version " < 4.001.0000000.0.r.210710"	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Nvr-5xxx Search vendor "Dahuasecurity" for product "Nvr-5xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Nvr-6xx Firmware Search vendor "Dahuasecurity" for product "Nvr-6xx Firmware"	< 4.001.0000001.1.r.210716 Search vendor "Dahuasecurity" for product "Nvr-6xx Firmware" and version " < 4.001.0000001.1.r.210716"	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Nvr-6xx Search vendor "Dahuasecurity" for product "Nvr-6xx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Vth-542xh Firmware Search vendor "Dahuasecurity" for product "Vth-542xh Firmware"	< 4.500.0000002.0.r.210715 Search vendor "Dahuasecurity" for product "Vth-542xh Firmware" and version " < 4.500.0000002.0.r.210715"	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Vth-542xh Search vendor "Dahuasecurity" for product "Vth-542xh"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Vto-65xxx Firmware Search vendor "Dahuasecurity" for product "Vto-65xxx Firmware"	< 4.300.0000004.0.r.210715 Search vendor "Dahuasecurity" for product "Vto-65xxx Firmware" and version " < 4.300.0000004.0.r.210715"	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Vto-65xxx Search vendor "Dahuasecurity" for product "Vto-65xxx"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Vto-75x95x Firmware Search vendor "Dahuasecurity" for product "Vto-75x95x Firmware"	< 4.300.0000003.0.r.210714 Search vendor "Dahuasecurity" for product "Vto-75x95x Firmware" and version " < 4.300.0000003.0.r.210714"	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Vto-75x95x Search vendor "Dahuasecurity" for product "Vto-75x95x"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Xvr-4x04 Firmware Search vendor "Dahuasecurity" for product "Xvr-4x04 Firmware"	-	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Xvr-4x04 Search vendor "Dahuasecurity" for product "Xvr-4x04"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Xvr-4x08 Firmware Search vendor "Dahuasecurity" for product "Xvr-4x08 Firmware"	< 4.001.0000001.1.r.210709 Search vendor "Dahuasecurity" for product "Xvr-4x08 Firmware" and version " < 4.001.0000001.1.r.210709"	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Xvr-4x08 Search vendor "Dahuasecurity" for product "Xvr-4x08"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Xvr-4x04 Firmware Search vendor "Dahuasecurity" for product "Xvr-4x04 Firmware"	< 4.001.0000001.1.r.210709 Search vendor "Dahuasecurity" for product "Xvr-4x04 Firmware" and version " < 4.001.0000001.1.r.210709"	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Xvr-4x04 Search vendor "Dahuasecurity" for product "Xvr-4x04"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Xvr-5x04 Firmware Search vendor "Dahuasecurity" for product "Xvr-5x04 Firmware"	< 4.001.0000003.1.r.210710 Search vendor "Dahuasecurity" for product "Xvr-5x04 Firmware" and version " < 4.001.0000003.1.r.210710"	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Xvr-5x04 Search vendor "Dahuasecurity" for product "Xvr-5x04"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Xvr-5x08 Firmware Search vendor "Dahuasecurity" for product "Xvr-5x08 Firmware"	< 4.001.0000003.1.r.210710 Search vendor "Dahuasecurity" for product "Xvr-5x08 Firmware" and version " < 4.001.0000003.1.r.210710"	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Xvr-5x08 Search vendor "Dahuasecurity" for product "Xvr-5x08"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Xvr-5x16 Firmware Search vendor "Dahuasecurity" for product "Xvr-5x16 Firmware"	< 4.001.0000003.1.r.210710 Search vendor "Dahuasecurity" for product "Xvr-5x16 Firmware" and version " < 4.001.0000003.1.r.210710"	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Xvr-5x16 Search vendor "Dahuasecurity" for product "Xvr-5x16"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Xvr-7x16 Firmware Search vendor "Dahuasecurity" for product "Xvr-7x16 Firmware"	< 4.001.0000003.1.r.210710 Search vendor "Dahuasecurity" for product "Xvr-7x16 Firmware" and version " < 4.001.0000003.1.r.210710"	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Xvr-7x16 Search vendor "Dahuasecurity" for product "Xvr-7x16"	-	-	Safe
Dahuasecurity Search vendor "Dahuasecurity"	Xvr-7x32 Firmware Search vendor "Dahuasecurity" for product "Xvr-7x32 Firmware"	< 4.001.0000003.1.r.210710 Search vendor "Dahuasecurity" for product "Xvr-7x32 Firmware" and version " < 4.001.0000003.1.r.210710"	-	Affected	in	Dahuasecurity Search vendor "Dahuasecurity"	Xvr-7x32 Search vendor "Dahuasecurity" for product "Xvr-7x32"	-	-	Safe