Vulnerability Description
Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dahuasecurity | Ipc-Hx1Xxx Firmware | >= 2017-7, <= 2021-7 |
| Dahuasecurity | Ipc-Hx1Xxx | - |
| Dahuasecurity | Ipc-Hx2Xxx Firmware | >= 2017-7, <= 2021-7 |
| Dahuasecurity | Ipc-Hx2Xxx | - |
| Dahuasecurity | Ipc-Hx3Xxx Firmware | >= 2017-7, <= 2021-7 |
| Dahuasecurity | Ipc-Hx3Xxx | - |
| Dahuasecurity | Ipc-Hx5\(4\)\(3\)Xxx Firmware | >= 2017-7, <= 2021-7 |
| Dahuasecurity | Ipc-Hx5\(4\)\(3\)Xxx | - |
| Dahuasecurity | Ipc-Hx5Xxx Firmware | >= 2017-7, <= 2021-7 |
| Dahuasecurity | Ipc-Hx5Xxx | - |
| Dahuasecurity | Sd1A1 Firmware | >= 2017-7, <= 2021-7 |
| Dahuasecurity | Sd1A1 | - |
| Dahuasecurity | Sd22 Firmware | >= 2017-7, <= 2021-7 |
| Dahuasecurity | Sd22 | - |
| Dahuasecurity | Sd49 Firmware | >= 2017-7, <= 2021-7 |
| Dahuasecurity | Sd49 | - |
| Dahuasecurity | Sd50 Firmware | >= 2017-7, <= 2021-7 |
| Dahuasecurity | Sd50 | - |
| Dahuasecurity | Sd52C Firmware | >= 2017-7, <= 2021-7 |
| Dahuasecurity | Sd52C | - |
Related Weaknesses (CWE)
References
- https://support.dahuatech.com/networkSecurity/securityDetails?id=95Vendor Advisory
- https://www.dahuasecurity.com/support/cybersecurity/details/957Not Applicable
- https://www.dahuasecurity.com/support/cybersecurity/details/987Vendor Advisory
- https://support.dahuatech.com/networkSecurity/securityDetails?id=95Vendor Advisory
- https://www.dahuasecurity.com/support/cybersecurity/details/957Not Applicable
- https://www.dahuasecurity.com/support/cybersecurity/details/987Vendor Advisory
FAQ
What is CVE-2021-33046?
CVE-2021-33046 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.
How severe is CVE-2021-33046?
CVE-2021-33046 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-33046?
Check the references section above for vendor advisories and patch information. Affected products include: Dahuasecurity Ipc-Hx1Xxx Firmware, Dahuasecurity Ipc-Hx1Xxx, Dahuasecurity Ipc-Hx2Xxx Firmware, Dahuasecurity Ipc-Hx2Xxx, Dahuasecurity Ipc-Hx3Xxx Firmware.