Vulnerability Description
An identity authentication bypass vulnerability exists in the login process of some Dahua products. Attackers can bypass device identity authentication by constructing malicious data packets.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dahuasecurity | Ipc-Hum7Xxx Firmware | < 2.820.0000000.5.r.210705 |
| Dahuasecurity | Ipc-Hum7Xxx | - |
| Dahuasecurity | Ipc-Hx3Xxx Firmware | < 2.800.0000000.29.r.210630 |
| Dahuasecurity | Ipc-Hx3Xxx | - |
| Dahuasecurity | Ipc-Hx5Xxx Firmware | < 2.820.0000000.5.r.210705 |
| Dahuasecurity | Ipc-Hx5Xxx | - |
| Dahuasecurity | Nvr-1Xxx Firmware | < 4.001.0000005.1.r.210709 |
| Dahuasecurity | Nvr-1Xxx | - |
| Dahuasecurity | Nvr-2Xxx Firmware | < 4.001.0000000.1.r.210710 |
| Dahuasecurity | Nvr-2Xxx | - |
| Dahuasecurity | Nvr-4Xxx Firmware | < 4.001.0000005.1.r.210713 |
| Dahuasecurity | Nvr-4Xxx | - |
| Dahuasecurity | Nvr-5Xxx Firmware | < 4.001.0000000.0.r.210710 |
| Dahuasecurity | Nvr-5Xxx | - |
| Dahuasecurity | Nvr-6Xx Firmware | < 4.001.0000001.1.r.210716 |
| Dahuasecurity | Nvr-6Xx | - |
| Dahuasecurity | Vth-542Xh Firmware | < 4.500.0000002.0.r.210715 |
| Dahuasecurity | Vth-542Xh | - |
| Dahuasecurity | Vto-65Xxx Firmware | < 4.300.0000004.0.r.210715 |
| Dahuasecurity | Vto-65Xxx | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html (Exploit, Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2021/Oct/13 (Exploit, Mailing List, Third Party Advisory)
- https://www.dahuasecurity.com/support/cybersecurity/details/957 (Vendor Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021- (US Government Resource)
FAQ
What is CVE-2021-33045?
CVE-2021-33045 is a vulnerability with a CVSS score of 9.8 (CRITICAL). It is an identity authentication bypass in the login process of some Dahua products. Attackers can bypass device identity authentication by constructing malicious data packets.
How severe is CVE-2021-33045?
CVE-2021-33045 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-33045?
Check the references section above for vendor advisories and patch information. Affected products include: Dahuasecurity Ipc-Hum7Xxx Firmware, Dahuasecurity Ipc-Hum7Xxx, Dahuasecurity Ipc-Hx3Xxx Firmware, Dahuasecurity Ipc-Hx3Xxx, Dahuasecurity Ipc-Hx5Xxx Firmware.