CVE-2021-33045

Published: Sep 15, 2021Modified: Jan 13, 2026CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

Affected (19)

Products: Dahuasecurity: Ipc Hum7xxx Firmware, Ipc Hx3xxx Firmware, Ipc Hx5xxx Firmware, Nvr 1xxx Firmware, Nvr 2xxx Firmware, Nvr 4xxx Firmware, Nvr 5xxx Firmware, Nvr 6xx Firmware, Vth 542xh Firmware, Vto 65xxx Firmware, Vto 75x95x Firmware, Xvr 4x04 Firmware, Xvr 4x08 Firmware, Xvr 5x04 Firmware, Xvr 5x08 Firmware, Xvr 5x16 Firmware, Xvr 7x16 Firmware, Xvr 7x32 Firmware

18 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hum7xxx Firmware	Before 2.820.0000000.5.r.210705

Running on/with	Platform Versions
Dahuasecurity Ipc Hum7xxx	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hx3xxx Firmware	Before 2.800.0000000.29.r.210630

Running on/with	Platform Versions
Dahuasecurity Ipc Hx3xxx	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hx5xxx Firmware	Before 2.820.0000000.5.r.210705

Running on/with	Platform Versions
Dahuasecurity Ipc Hx5xxx	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr 1xxx Firmware	Before 4.001.0000005.1.r.210709

Running on/with	Platform Versions
Dahuasecurity Nvr 1xxx	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr 2xxx Firmware	Before 4.001.0000000.1.r.210710

Running on/with	Platform Versions
Dahuasecurity Nvr 2xxx	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr 4xxx Firmware	Before 4.001.0000005.1.r.210713

Running on/with	Platform Versions
Dahuasecurity Nvr 4xxx	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr 5xxx Firmware	Before 4.001.0000000.0.r.210710

Running on/with	Platform Versions
Dahuasecurity Nvr 5xxx	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr 6xx Firmware	Before 4.001.0000001.1.r.210716

Running on/with	Platform Versions
Dahuasecurity Nvr 6xx	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Vth 542xh Firmware	Before 4.500.0000002.0.r.210715

Running on/with	Platform Versions
Dahuasecurity Vth 542xh	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Vto 65xxx Firmware	Before 4.300.0000004.0.r.210715

Running on/with	Platform Versions
Dahuasecurity Vto 65xxx	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Vto 75x95x Firmware	Before 4.300.0000003.0.r.210714

Running on/with	Platform Versions
Dahuasecurity Vto 75x95x	All versions

Configuration L

1 vulnerable

Vulnerable Software	Affected Versions
Dahuasecurity Xvr 4x04 Firmware	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Xvr 4x08 Firmware	Before 4.001.0000001.1.r.210709

Running on/with	Platform Versions
Dahuasecurity Xvr 4x08	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Xvr 4x04 Firmware	Before 4.001.0000001.1.r.210709

Running on/with	Platform Versions
Dahuasecurity Xvr 4x04	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Xvr 5x04 Firmware	Before 4.001.0000003.1.r.210710

Running on/with	Platform Versions
Dahuasecurity Xvr 5x04	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Xvr 5x08 Firmware	Before 4.001.0000003.1.r.210710

Running on/with	Platform Versions
Dahuasecurity Xvr 5x08	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Xvr 5x16 Firmware	Before 4.001.0000003.1.r.210710

Running on/with	Platform Versions
Dahuasecurity Xvr 5x16	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Xvr 7x16 Firmware	Before 4.001.0000003.1.r.210710

Running on/with	Platform Versions
Dahuasecurity Xvr 7x16	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Xvr 7x32 Firmware	Before 4.001.0000003.1.r.210710

Running on/with	Platform Versions
Dahuasecurity Xvr 7x32	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (7)

http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html

Source: cybersecurity@dahuatech.com

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2021/Oct/13

Source: cybersecurity@dahuatech.com

ExploitMailing ListThird Party Advisory

https://www.dahuasecurity.com/support/cybersecurity/details/957

Source: cybersecurity@dahuatech.com

Vendor Advisory

http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2021/Oct/13

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

https://www.dahuasecurity.com/support/cybersecurity/details/957

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-33045

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.