{"cisaActionDue": "2024-09-11", "cisaExploitAdd": "2024-08-21", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Dahua IP Camera Authentication Bypass Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hum7xxx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0356805-3ECF-4C6F-B2BF-95D507736C44", "versionEndExcluding": "2.820.0000000.5.r.210705", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hum7xxx:-:*:*:*:*:*:*:*", "matchCriteriaId": "5AE9ACB0-4CB3-4CF5-A007-15EE977D782E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0D17050-41CA-4808-8ED3-F332FD00B551", "versionEndExcluding": "2.800.0000000.29.r.210630", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*", "matchCriteriaId": "8936A118-4AB5-4B09-A9FD-E624A68315BD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "04346BB7-74D1-46C4-B058-076B16C0209F", "versionEndExcluding": "2.820.0000000.18.r.210705", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*", "matchCriteriaId": "F2838BDA-97FF-498E-BC81-955D31B9227A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:sd1a1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BA2AB22-37B0-471F-B6E4-BB3F3A6FB817", "versionEndExcluding": "2.812.0000007.0.r.210706", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:sd1a1:-:*:*:*:*:*:*:*", "matchCriteriaId": "88AD58DE-D990-4C98-853B-21B79CD07EEC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:sd22_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "17FADF4C-29F2-449A-B57E-59F2338D433C", "versionEndExcluding": "2.812.0000007.0.r.210706", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:sd22:-:*:*:*:*:*:*:*", "matchCriteriaId": "428852DE-BDE3-4CE4-972C-821E88C7F930", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:sd41_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E306AAC-7BCD-4A76-8C7B-8399B54E12CE", "versionEndExcluding": "2.812.0000007.0.r.210706", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:sd41:-:*:*:*:*:*:*:*", "matchCriteriaId": "61F87969-66DA-45EF-861C-3D3189388160", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "69712780-BA39-4B2E-810C-E9BCF6E213F1", "versionEndExcluding": "2.812.0000007.0.r.210706", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*", "matchCriteriaId": "984AD4D5-D689-4150-A1EE-D48B81CBB7C8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "69E7E0D4-7E9B-4580-B28A-898146DED548", "versionEndExcluding": "2.812.0000007.0.r.210706", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*", "matchCriteriaId": "5BA0D206-5BE7-4592-8D3E-641F47164770", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "41A67081-5051-47A0-A0EA-1C41A78F5C9A", "versionEndExcluding": "2.812.0000007.0.r.210706", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*", "matchCriteriaId": "C35F4371-334B-4EA8-8F48-498C81652F7C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:tpc-bf1241_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "468FD434-642E-4613-B720-84254D9B9960", "versionEndExcluding": "2.630.0000000.6.r.210707", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:tpc-bf1241:-:*:*:*:*:*:*:*", "matchCriteriaId": "73B58CBF-EB67-4F02-BBAE-FFC329B8873C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:tpc-bf2221_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C24A62B1-EFFA-4D22-ACB3-A645B325C280", "versionEndExcluding": "2.630.0000000.10.r.210707", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:tpc-bf2221:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E314BF6-76B4-4ADB-B555-7DAF92F60485", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:tpc-bf5x01_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C60703FA-F833-472C-84FC-2366409F484B", "versionEndExcluding": "2.630.0000000.12.r.210707", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:tpc-bf5x01:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7EA0704-EC7A-457A-9AC1-A39B07229DFE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:tpc-pt8x21b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EED64E60-F703-4116-9F34-7FDBD6906E33", "versionEndExcluding": "2.630.0000000.10.r.210701", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:tpc-pt8x21b:-:*:*:*:*:*:*:*", "matchCriteriaId": "8DABC76F-9824-43F3-B230-656F6C99CDA8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:tpc-sd2221_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F49DC7A3-6FBB-4B52-848C-50EEAEFBF0B0", "versionEndIncluding": "2.630.0000000.7.r.210707", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:tpc-sd2221:-:*:*:*:*:*:*:*", "matchCriteriaId": "D166CD0E-92CC-44FA-A520-FFFEBE2D7D50", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:tpc-sd8x21_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF2B9320-63F7-4076-B60B-674CBADC2235", "versionEndExcluding": "2.630.0000000.9.r.210706", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:tpc-sd8x21:-:*:*:*:*:*:*:*", "matchCriteriaId": "75A88A53-91D8-4019-95EB-F6FEFF469F9A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:vto-65xxx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AC98964-DBDE-438C-A0E7-BF11D1BBC4B0", "versionEndExcluding": "4.300.0000004.0.r.210715", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:vto-65xxx:-:*:*:*:*:*:*:*", "matchCriteriaId": "9438ADC0-C8F4-48E1-A905-9914A3AE715E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:vto-75x95x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3FFF94A-7F57-49D2-A6BA-5B58064C41C5", "versionEndExcluding": "4.300.0000003.0.r.210714", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:vto-75x95x:-:*:*:*:*:*:*:*", "matchCriteriaId": "B205125D-5A33-49B0-A2BA-BD833D107924", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:vth-542xh_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F1138DD-7149-4191-BF6B-5176B8EF3A07", "versionEndExcluding": "4.500.0000002.0.r.210715", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:vth-542xh:-:*:*:*:*:*:*:*", "matchCriteriaId": "72039FDA-344D-4961-BB1B-E6F32EAFD7C2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:tpc-bf5x21_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADA22FE4-6663-4852-9D82-F311520BB4D6", "versionEndExcluding": "2.630.0000000.8.r.210630", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:tpc-bf5x21:-:*:*:*:*:*:*:*", "matchCriteriaId": "4A693D2B-F82D-41C8-A219-532CB5FD1FB6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets."}, {"lang": "es", "value": "Una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n de identidad encontrada en algunos productos Dahua durante el proceso de inicio de sesi\u00f3n. Los atacantes pueden omitir la autenticaci\u00f3n de la identidad del dispositivo al construir paquetes de datos maliciosos"}], "id": "CVE-2021-33044", "lastModified": "2024-11-21T06:08:10.943", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-15T22:15:10.497", "references": [{"source": "cybersecurity@dahuatech.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html"}, {"source": "cybersecurity@dahuatech.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Oct/13"}, {"source": "cybersecurity@dahuatech.com", "tags": ["Vendor Advisory"], "url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Oct/13"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"}], "sourceIdentifier": "cybersecurity@dahuatech.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}