Lucene search

[email protected]CVE-2021-33045

HistorySep 15, 2021 - 10:15 p.m.

CVE-2021-33045

2021-09-1522:15:10

CWE-287

[email protected]

web.nvd.nist.gov

191

dahua

cve-2021-33045

identity authentication

authentication bypass

vulnerability

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.051 Low

EPSS

Percentile

93.0%

JSON

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

Affected configurations

NVD

Node

dahuasecurityipc-hum7xxx_firmwareRange<2.820.0000000.5.r.210705

AND

dahuasecurityipc-hum7xxxMatch-

Node

dahuasecurityipc-hx3xxx_firmwareRange<2.800.0000000.29.r.210630

AND

dahuasecurityipc-hx3xxxMatch-

Node

dahuasecurityipc-hx5xxx_firmwareRange<2.820.0000000.5.r.210705

AND

dahuasecurityipc-hx5xxxMatch-

Node

dahuasecuritynvr-1xxx_firmwareRange<4.001.0000005.1.r.210709

AND

dahuasecuritynvr-1xxxMatch-

Node

dahuasecuritynvr-2xxx_firmwareRange<4.001.0000000.1.r.210710

AND

dahuasecuritynvr-2xxxMatch-

Node

dahuasecuritynvr-4xxx_firmwareRange<4.001.0000005.1.r.210713

AND

dahuasecuritynvr-4xxxMatch-

Node

dahuasecuritynvr-5xxx_firmwareRange<4.001.0000000.0.r.210710

AND

dahuasecuritynvr-5xxxMatch-

Node

dahuasecuritynvr-6xx_firmwareRange<4.001.0000001.1.r.210716

AND

dahuasecuritynvr-6xxMatch-

Node

dahuasecurityvth-542xh_firmwareRange<4.500.0000002.0.r.210715

AND

dahuasecurityvth-542xhMatch-

Node

dahuasecurityvto-65xxx_firmwareRange<4.300.0000004.0.r.210715

AND

dahuasecurityvto-65xxxMatch-

Node

dahuasecurityvto-75x95x_firmwareRange<4.300.0000003.0.r.210714

AND

dahuasecurityvto-75x95xMatch-

Node

dahuasecurityxvr-4x04_firmwareMatch-

AND

dahuasecurityxvr-4x04Match-

Node

dahuasecurityxvr-4x08_firmwareRange<4.001.0000001.1.r.210709

AND

dahuasecurityxvr-4x08Match-

Node

dahuasecurityxvr-4x04_firmwareRange<4.001.0000001.1.r.210709

AND

dahuasecurityxvr-4x04Match-

Node

dahuasecurityxvr-5x04_firmwareRange<4.001.0000003.1.r.210710

AND

dahuasecurityxvr-5x04Match-

Node

dahuasecurityxvr-5x08_firmwareRange<4.001.0000003.1.r.210710

AND

dahuasecurityxvr-5x08Match-

Node

dahuasecurityxvr-5x16_firmwareRange<4.001.0000003.1.r.210710

AND

dahuasecurityxvr-5x16Match-

Node

dahuasecurityxvr-7x16_firmwareRange<4.001.0000003.1.r.210710

AND

dahuasecurityxvr-7x16Match-

Node

dahuasecurityxvr-7x32_firmwareRange<4.001.0000003.1.r.210710

AND

dahuasecurityxvr-7x32Match-

CPENameOperatorVersion
dahuasecurity:ipc-hum7xxx_firmwaredahuasecurity ipc-hum7xxx firmwarelt2.820.0000000.5.r.210705

CPE	Name	Operator	Version
dahuasecurity:ipc-hum7xxx_firmware	dahuasecurity ipc-hum7xxx firmware	lt	2.820.0000000.5.r.210705

CNA Affected

[
  {
    "product": "Some Dahua IP Camera, Video Intercom, NVR, XVR devices",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Dahua IP Camera devices IPC-HX3XXX, IPC-HX5XXX, and IPC-HUM7XXX Buildtime before May, 2020, Video Intercom devices VTO75X95X, VTO65XXX, and VTH542XH, NVR devices NVR1XXX, NVR2XXX, NVR5XXX, and NVR6XX, XVR devices XVR4xxx, XVR5xxx, and XVR7xxx Buildtime before December, 2019."
      }
    ]
  }
]