CVE-2021-33045 - OpenCVE

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Dahuasecurity	Xvr-7x32 Firmware Ipc-hx5xxx Xvr-4x08 Vth-542xh Nvr-4xxx Firmware Nvr-1xxx Ipc-hum7xxx Firmware Nvr-4xxx Xvr-5x04 Xvr-5x08 Vto-65xxx Xvr-4x08 Firmware Xvr-5x16 Xvr-7x16 Firmware Nvr-2xxx Firmware Xvr-5x16 Firmware Nvr-6xx Ipc-hx3xxx Firmware Xvr-5x04 Firmware Ipc-hum7xxx Xvr-5x08 Firmware Xvr-7x32 Nvr-5xxx Ipc-hx5xxx Firmware Xvr-4x04 Vto-65xxx Firmware Nvr-6xx Firmware Vto-75x95x Xvr-7x16 Xvr-4x04 Firmware Ipc-hx3xxx Nvr-2xxx Nvr-5xxx Firmware Vto-75x95x Firmware Vth-542xh Firmware Nvr-1xxx Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dahuasecurity:ipc-hum7xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hum7xxx:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:dahuasecurity:nvr-1xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:nvr-1xxx:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:dahuasecurity:nvr-2xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:nvr-2xxx:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:dahuasecurity:nvr-4xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:nvr-4xxx:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:dahuasecurity:nvr-5xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:nvr-5xxx:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:dahuasecurity:nvr-6xx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:nvr-6xx:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:dahuasecurity:vth-542xh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:vth-542xh:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:dahuasecurity:vto-65xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:vto-65xxx:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:dahuasecurity:vto-75x95x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:vto-75x95x:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:dahuasecurity:xvr-4x04_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:xvr-4x04:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:dahuasecurity:xvr-4x08_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:xvr-4x08:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:dahuasecurity:xvr-4x04_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:xvr-4x04:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:dahuasecurity:xvr-5x04_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:xvr-5x04:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:dahuasecurity:xvr-5x08_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:xvr-5x08:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:dahuasecurity:xvr-5x16_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:xvr-5x16:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:dahuasecurity:xvr-7x16_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:xvr-7x16:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:dahuasecurity:xvr-7x32_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:xvr-7x32:-:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2021/Oct/13	Exploit Mailing List Third Party Advisory
https://www.dahuasecurity.com/support/cybersecurity/details/957	Vendor Advisory