CVE-2021-33044 - OpenCVE

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Dahuasecurity	Ipc-hx5xxx Sd1a1 Sd41 Firmware Vth-542xh Tpc-bf1241 Firmware Ipc-hum7xxx Firmware Vto-65xxx Sd50 Firmware Tpc-sd2221 Firmware Tpc-bf5x01 Sd6al Firmware Tpc-pt8x21b Firmware Tpc-bf2221 Sd41 Sd50 Sd52c Ipc-hx3xxx Firmware Ipc-hum7xxx Sd6al Tpc-bf5x21 Tpc-bf2221 Firmware Ipc-hx5xxx Firmware Vto-65xxx Firmware Tpc-sd8x21 Firmware Tpc-sd2221 Vto-75x95x Tpc-bf1241 Ipc-hx3xxx Tpc-sd8x21 Sd22 Firmware Tpc-bf5x01 Firmware Tpc-pt8x21b Sd52c Firmware Vto-75x95x Firmware Vth-542xh Firmware Sd22 Sd1a1 Firmware Tpc-bf5x21 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dahuasecurity:ipc-hum7xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hum7xxx:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:dahuasecurity:sd1a1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd1a1:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:dahuasecurity:sd22_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd22:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:dahuasecurity:sd41_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd41:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-bf1241_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-bf1241:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-bf2221_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-bf2221:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-bf5x01_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-bf5x01:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-pt8x21b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-pt8x21b:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-sd2221_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-sd2221:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-sd8x21_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-sd8x21:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:dahuasecurity:vto-65xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:vto-65xxx:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:dahuasecurity:vto-75x95x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:vto-75x95x:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:dahuasecurity:vth-542xh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:vth-542xh:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-bf5x21_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-bf5x21:-:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2021/Oct/13	Exploit Mailing List Third Party Advisory
https://www.dahuasecurity.com/support/cybersecurity/details/957	Vendor Advisory