CVE-2021-33044

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
dahuaCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
dahuasecurityipc-hum7xxx_firmware
𝑥
< 2.820.0000000.5.r.210705
dahuasecurityipc-hx3xxx_firmware
𝑥
< 2.800.0000000.29.r.210630
dahuasecurityipc-hx5xxx_firmware
𝑥
< 2.820.0000000.18.r.210705
dahuasecuritysd1a1_firmware
𝑥
< 2.812.0000007.0.r.210706
dahuasecuritysd22_firmware
𝑥
< 2.812.0000007.0.r.210706
dahuasecuritysd41_firmware
𝑥
< 2.812.0000007.0.r.210706
dahuasecuritysd50_firmware
𝑥
< 2.812.0000007.0.r.210706
dahuasecuritysd52c_firmware
𝑥
< 2.812.0000007.0.r.210706
dahuasecuritysd6al_firmware
𝑥
< 2.812.0000007.0.r.210706
dahuasecuritytpc-bf1241_firmware
𝑥
< 2.630.0000000.6.r.210707
dahuasecuritytpc-bf2221_firmware
𝑥
< 2.630.0000000.10.r.210707
dahuasecuritytpc-bf5x01_firmware
𝑥
< 2.630.0000000.12.r.210707
dahuasecuritytpc-pt8x21b_firmware
𝑥
< 2.630.0000000.10.r.210701
dahuasecuritytpc-sd2221_firmware
𝑥
≤ 2.630.0000000.7.r.210707
dahuasecuritytpc-sd8x21_firmware
𝑥
< 2.630.0000000.9.r.210706
dahuasecurityvto-65xxx_firmware
𝑥
< 4.300.0000004.0.r.210715
dahuasecurityvto-75x95x_firmware
𝑥
< 4.300.0000003.0.r.210714
dahuasecurityvth-542xh_firmware
𝑥
< 4.500.0000002.0.r.210715
dahuasecuritytpc-bf5x21_firmware
𝑥
< 2.630.0000000.8.r.210630
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html
http://seclists.org/fulldisclosure/2021/Oct/13
https://www.dahuasecurity.com/support/cybersecurity/details/957
http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html
http://seclists.org/fulldisclosure/2021/Oct/13
https://www.dahuasecurity.com/support/cybersecurity/details/957