CVE-2021-33044 — CRITICAL (9.8)

Q: What is CVE-2021-33044?

CVE-2021-33044 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

Q: How severe is CVE-2021-33044?

CVE-2021-33044 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2021-33044?

Check the references section above for vendor advisories and patch information. Affected products include: Dahuasecurity Ipc-Hum7Xxx Firmware, Dahuasecurity Ipc-Hum7Xxx, Dahuasecurity Ipc-Hx3Xxx Firmware, Dahuasecurity Ipc-Hx3Xxx, Dahuasecurity Ipc-Hx5Xxx Firmware.

Vulnerability Description

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Dahuasecurity	Ipc-Hum7Xxx Firmware	< 2.820.0000000.5.r.210705
Dahuasecurity	Ipc-Hum7Xxx	-
Dahuasecurity	Ipc-Hx3Xxx Firmware	< 2.800.0000000.29.r.210630
Dahuasecurity	Ipc-Hx3Xxx	-
Dahuasecurity	Ipc-Hx5Xxx Firmware	< 2.820.0000000.18.r.210705
Dahuasecurity	Ipc-Hx5Xxx	-
Dahuasecurity	Sd1A1 Firmware	< 2.812.0000007.0.r.210706
Dahuasecurity	Sd1A1	-
Dahuasecurity	Sd22 Firmware	< 2.812.0000007.0.r.210706
Dahuasecurity	Sd22	-
Dahuasecurity	Sd49 Firmware	< 2.812.0000007.0.r.210706
Dahuasecurity	Sd49	-
Dahuasecurity	Sd50 Firmware	< 2.812.0000007.0.r.210706
Dahuasecurity	Sd50	-
Dahuasecurity	Sd52C Firmware	< 2.812.0000007.0.r.210706
Dahuasecurity	Sd52C	-
Dahuasecurity	Sd6Al Firmware	< 2.812.0000007.0.r.210706
Dahuasecurity	Sd6Al	-
Dahuasecurity	Tpc-Bf1241 Firmware	< 2.630.0000000.6.r.210707
Dahuasecurity	Tpc-Bf1241	-

Related Weaknesses (CWE)

CWE-287

References

http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.htmlExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2021/Oct/13ExploitMailing ListThird Party Advisory
https://www.dahuasecurity.com/support/cybersecurity/details/957Vendor Advisory
http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.htmlExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2021/Oct/13ExploitMailing ListThird Party Advisory
https://www.dahuasecurity.com/support/cybersecurity/details/957Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-US Government Resource

FAQ

What is CVE-2021-33044?

CVE-2021-33044 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

How severe is CVE-2021-33044?

CVE-2021-33044 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-33044?

Check the references section above for vendor advisories and patch information. Affected products include: Dahuasecurity Ipc-Hum7Xxx Firmware, Dahuasecurity Ipc-Hum7Xxx, Dahuasecurity Ipc-Hx3Xxx Firmware, Dahuasecurity Ipc-Hx3Xxx, Dahuasecurity Ipc-Hx5Xxx Firmware.