CVE-2021-33045

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
dahuaCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
dahuasecurityipc-hum7xxx_firmware
𝑥
< 2.820.0000000.5.r.210705
dahuasecurityipc-hx3xxx_firmware
𝑥
< 2.800.0000000.29.r.210630
dahuasecurityipc-hx5xxx_firmware
𝑥
< 2.820.0000000.5.r.210705
dahuasecuritynvr-1xxx_firmware
𝑥
< 4.001.0000005.1.r.210709
dahuasecuritynvr-2xxx_firmware
𝑥
< 4.001.0000000.1.r.210710
dahuasecuritynvr-4xxx_firmware
𝑥
< 4.001.0000005.1.r.210713
dahuasecuritynvr-5xxx_firmware
𝑥
< 4.001.0000000.0.r.210710
dahuasecuritynvr-6xx_firmware
𝑥
< 4.001.0000001.1.r.210716
dahuasecurityvth-542xh_firmware
𝑥
< 4.500.0000002.0.r.210715
dahuasecurityvto-65xxx_firmware
𝑥
< 4.300.0000004.0.r.210715
dahuasecurityvto-75x95x_firmware
𝑥
< 4.300.0000003.0.r.210714
dahuasecurityxvr-4x04_firmware
-
dahuasecurityxvr-4x08_firmware
𝑥
< 4.001.0000001.1.r.210709
dahuasecurityxvr-4x04_firmware
𝑥
< 4.001.0000001.1.r.210709
dahuasecurityxvr-5x04_firmware
𝑥
< 4.001.0000003.1.r.210710
dahuasecurityxvr-5x08_firmware
𝑥
< 4.001.0000003.1.r.210710
dahuasecurityxvr-5x16_firmware
𝑥
< 4.001.0000003.1.r.210710
dahuasecurityxvr-7x16_firmware
𝑥
< 4.001.0000003.1.r.210710
dahuasecurityxvr-7x32_firmware
𝑥
< 4.001.0000003.1.r.210710
𝑥
= Vulnerable software versions