CVE-2021-33046

Published: Jan 13, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.

Affected (28)

Products: Dahuasecurity: Ipc Hx1xxx Firmware, Ipc Hx2xxx Firmware, Ipc Hx3xxx Firmware, Ipc Hx5(4)(3)xxx Firmware, Ipc Hx5xxx Firmware, Sd1a1 Firmware, Sd22 Firmware, Sd49 Firmware, Sd50 Firmware, Sd52c Firmware, Sd6al Firmware, Tpc Bf1241 Firmware, Tpc Bf2221 Firmware, Tpc Bf5x01 Firmware, Tpc Pt8x21x Firmware, Tpc Sd2221 Firmware, Tpc Sd8x21 Firmware, Nvr1xxx Firmware, Nvr2xxx Firmware, Nvr4xxx Firmware, Nvr5xxx Firmware, Xvr4xxx Firmware, Xvr5xxx Firmware, Xvr7xxx Firmware, Hcvr7xxx Firmware, Hcvr8xxx Firmware, Vtox20xf Firmware, Asc2204c Firmware

28 products

Ipc Hx5(4)(3)xxx Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hx1xxx Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Ipc Hx1xxx	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hx2xxx Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Ipc Hx2xxx	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hx3xxx Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Ipc Hx3xxx	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hx5(4)(3)xxx Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Ipc Hx5(4)(3)xxx	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Ipc Hx5xxx Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Ipc Hx5xxx	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Sd1a1 Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Sd1a1	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Sd22 Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Sd22	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Sd49 Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Sd49	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Sd50 Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Sd50	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Sd52c Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Sd52c	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Sd6al Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Sd6al	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Tpc Bf1241 Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Tpc Bf1241	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Tpc Bf2221 Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Tpc Bf2221	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Tpc Bf5x01 Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Tpc Bf5x01	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Tpc Pt8x21x Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Tpc Pt8x21x	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Tpc Sd2221 Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Tpc Sd2221	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Tpc Sd8x21 Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Tpc Sd8x21	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr1xxx Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Nvr1xxx	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr2xxx Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Nvr2xxx	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr4xxx Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Nvr4xxx	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Nvr5xxx Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Nvr5xxx	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Xvr4xxx Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Xvr4xxx	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Xvr5xxx Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Xvr5xxx	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Xvr7xxx Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Xvr7xxx	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Hcvr7xxx Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Hcvr7xxx	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Hcvr8xxx Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Hcvr8xxx	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Vtox20xf Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Vtox20xf	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Dahuasecurity Asc2204c Firmware	From 2017-7 to 2021-7

Running on/with	Platform Versions
Dahuasecurity Asc2204c	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

https://support.dahuatech.com/networkSecurity/securityDetails?id=95

Source: cybersecurity@dahuatech.com

Vendor Advisory

https://www.dahuasecurity.com/support/cybersecurity/details/957

Source: cybersecurity@dahuatech.com

Not Applicable

https://www.dahuasecurity.com/support/cybersecurity/details/987

Source: cybersecurity@dahuatech.com

Vendor Advisory

https://support.dahuatech.com/networkSecurity/securityDetails?id=95

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.dahuasecurity.com/support/cybersecurity/details/957

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

https://www.dahuasecurity.com/support/cybersecurity/details/987

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.