Lucene search

[email protected]CVE-2021-33044

HistorySep 15, 2021 - 10:15 p.m.

CVE-2021-33044

2021-09-1522:15:10

CWE-287

[email protected]

web.nvd.nist.gov

225

dahua

identity authentication

bypass vulnerability

cve-2021-33044

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.226 Low

EPSS

Percentile

96.5%

JSON

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

Affected configurations

NVD

Node

dahuasecurityipc-hum7xxx_firmwareRange<2.820.0000000.5.r.210705

AND

dahuasecurityipc-hum7xxxMatch-

Node

dahuasecurityipc-hx3xxx_firmwareRange<2.800.0000000.29.r.210630

AND

dahuasecurityipc-hx3xxxMatch-

Node

dahuasecurityipc-hx5xxx_firmwareRange<2.820.0000000.18.r.210705

AND

dahuasecurityipc-hx5xxxMatch-

Node

dahuasecuritysd1a1_firmwareRange<2.812.0000007.0.r.210706

AND

dahuasecuritysd1a1Match-

Node

dahuasecuritysd22_firmwareRange<2.812.0000007.0.r.210706

AND

dahuasecuritysd22Match-

Node

dahuasecuritysd41_firmwareRange<2.812.0000007.0.r.210706

AND

dahuasecuritysd41Match-

Node

dahuasecuritysd50_firmwareRange<2.812.0000007.0.r.210706

AND

dahuasecuritysd50Match-

Node

dahuasecuritysd52c_firmwareRange<2.812.0000007.0.r.210706

AND

dahuasecuritysd52cMatch-

Node

dahuasecuritysd6al_firmwareRange<2.812.0000007.0.r.210706

AND

dahuasecuritysd6alMatch-

Node

dahuasecuritytpc-bf1241_firmwareRange<2.630.0000000.6.r.210707

AND

dahuasecuritytpc-bf1241Match-

Node

dahuasecuritytpc-bf2221_firmwareRange<2.630.0000000.10.r.210707

AND

dahuasecuritytpc-bf2221Match-

Node

dahuasecuritytpc-bf5x01_firmwareRange<2.630.0000000.12.r.210707

AND

dahuasecuritytpc-bf5x01Match-

Node

dahuasecuritytpc-pt8x21b_firmwareRange<2.630.0000000.10.r.210701

AND

dahuasecuritytpc-pt8x21bMatch-

Node

dahuasecuritytpc-sd2221_firmwareRange≤2.630.0000000.7.r.210707

AND

dahuasecuritytpc-sd2221Match-

Node

dahuasecuritytpc-sd8x21_firmwareRange<2.630.0000000.9.r.210706

AND

dahuasecuritytpc-sd8x21Match-

Node

dahuasecurityvto-65xxx_firmwareRange<4.300.0000004.0.r.210715

AND

dahuasecurityvto-65xxxMatch-

Node

dahuasecurityvto-75x95x_firmwareRange<4.300.0000003.0.r.210714

AND

dahuasecurityvto-75x95xMatch-

Node

dahuasecurityvth-542xh_firmwareRange<4.500.0000002.0.r.210715

AND

dahuasecurityvth-542xhMatch-

Node

dahuasecuritytpc-bf5x21_firmwareRange<2.630.0000000.8.r.210630

AND

dahuasecuritytpc-bf5x21Match-

CPENameOperatorVersion
dahuasecurity:ipc-hum7xxx_firmwaredahuasecurity ipc-hum7xxx firmwarelt2.820.0000000.5.r.210705

CPE	Name	Operator	Version
dahuasecurity:ipc-hum7xxx_firmware	dahuasecurity ipc-hum7xxx firmware	lt	2.820.0000000.5.r.210705

CNA Affected

[
  {
    "product": "Some Dahua IP Camera, Video Intercom, PTZ Dome Camera, Thermal Camera devices",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Dahua IP Camera devices IPC-HX3XXX, IPC-HX5XXX, and IPC-HUM7XXX, Video Intercom devices VTO75X95X, VTO65XXX, and VTH542XH, PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6AL, Thermal TPC-BF1241, TPC-BF2221, TPC-SD2221, TPC-BF5XXX, TPC-SD8X21, and TPC-PT8X21B devices Buildtime before June, 2021."
      }
    ]
  }
]