CVE-2021-33044

Published: Sep 15, 2021Modified: Jan 13, 2026CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

Affected (19)

Products: Dahuasecurity: Ipc Hum7xxx Firmware, Ipc Hx3xxx Firmware, Ipc Hx5xxx Firmware, Sd1a1 Firmware, Sd22 Firmware, Sd49 Firmware, Sd50 Firmware, Sd52c Firmware, Sd6al Firmware, Tpc Bf1241 Firmware, Tpc Bf2221 Firmware, Tpc Bf5x01 Firmware, Tpc Pt8x21b Firmware, Tpc Sd2221 Firmware, Tpc Sd8x21 Firmware, Vto 65xxx Firmware, Vto 75x95x Firmware, Vth 542xh Firmware, Tpc Bf5x21 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hum7xxx Firmware	Before 2.820.0000000.5.r.210705

Running on/with	Platform Versions
Dahuasecurity Ipc Hum7xxx	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hx3xxx Firmware	Before 2.800.0000000.29.r.210630

Running on/with	Platform Versions
Dahuasecurity Ipc Hx3xxx	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hx5xxx Firmware	Before 2.820.0000000.18.r.210705

Running on/with	Platform Versions
Dahuasecurity Ipc Hx5xxx	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Sd1a1 Firmware	Before 2.812.0000007.0.r.210706

Running on/with	Platform Versions
Dahuasecurity Sd1a1	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Sd22 Firmware	Before 2.812.0000007.0.r.210706

Running on/with	Platform Versions
Dahuasecurity Sd22	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Sd49 Firmware	Before 2.812.0000007.0.r.210706

Running on/with	Platform Versions
Dahuasecurity Sd49	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Sd50 Firmware	Before 2.812.0000007.0.r.210706

Running on/with	Platform Versions
Dahuasecurity Sd50	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Sd52c Firmware	Before 2.812.0000007.0.r.210706

Running on/with	Platform Versions
Dahuasecurity Sd52c	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Sd6al Firmware	Before 2.812.0000007.0.r.210706

Running on/with	Platform Versions
Dahuasecurity Sd6al	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Tpc Bf1241 Firmware	Before 2.630.0000000.6.r.210707

Running on/with	Platform Versions
Dahuasecurity Tpc Bf1241	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Tpc Bf2221 Firmware	Before 2.630.0000000.10.r.210707

Running on/with	Platform Versions
Dahuasecurity Tpc Bf2221	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Tpc Bf5x01 Firmware	Before 2.630.0000000.12.r.210707

Running on/with	Platform Versions
Dahuasecurity Tpc Bf5x01	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Tpc Pt8x21b Firmware	Before 2.630.0000000.10.r.210701

Running on/with	Platform Versions
Dahuasecurity Tpc Pt8x21b	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Tpc Sd2221 Firmware	Up to 2.630.0000000.7.r.210707

Running on/with	Platform Versions
Dahuasecurity Tpc Sd2221	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Tpc Sd8x21 Firmware	Before 2.630.0000000.9.r.210706

Running on/with	Platform Versions
Dahuasecurity Tpc Sd8x21	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Vto 65xxx Firmware	Before 4.300.0000004.0.r.210715

Running on/with	Platform Versions
Dahuasecurity Vto 65xxx	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Vto 75x95x Firmware	Before 4.300.0000003.0.r.210714

Running on/with	Platform Versions
Dahuasecurity Vto 75x95x	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Vth 542xh Firmware	Before 4.500.0000002.0.r.210715

Running on/with	Platform Versions
Dahuasecurity Vth 542xh	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Tpc Bf5x21 Firmware	Before 2.630.0000000.8.r.210630

Running on/with	Platform Versions
Dahuasecurity Tpc Bf5x21	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (7)

http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html

Source: cybersecurity@dahuatech.com

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2021/Oct/13

Source: cybersecurity@dahuatech.com

ExploitMailing ListThird Party Advisory

https://www.dahuasecurity.com/support/cybersecurity/details/957

Source: cybersecurity@dahuatech.com

Vendor Advisory

http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2021/Oct/13

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

https://www.dahuasecurity.com/support/cybersecurity/details/957

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-33044

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.