{"cisaActionDue": "2024-09-11", "cisaExploitAdd": "2024-08-21", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Dahua IP Camera Authentication Bypass Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hum7xxx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0356805-3ECF-4C6F-B2BF-95D507736C44", "versionEndExcluding": "2.820.0000000.5.r.210705", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hum7xxx:-:*:*:*:*:*:*:*", "matchCriteriaId": "5AE9ACB0-4CB3-4CF5-A007-15EE977D782E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0D17050-41CA-4808-8ED3-F332FD00B551", "versionEndExcluding": "2.800.0000000.29.r.210630", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*", "matchCriteriaId": "8936A118-4AB5-4B09-A9FD-E624A68315BD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F20DC69-B735-4547-826D-E4C42A39FE82", "versionEndExcluding": "2.820.0000000.5.r.210705", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*", "matchCriteriaId": "F2838BDA-97FF-498E-BC81-955D31B9227A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:nvr-1xxx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA1C3935-C83B-4A1A-BEEE-EF93F7722972", "versionEndExcluding": "4.001.0000005.1.r.210709", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:nvr-1xxx:-:*:*:*:*:*:*:*", "matchCriteriaId": "7780D1BE-ABE0-4890-B493-36FA0A4B3266", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:nvr-2xxx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "795EF8B2-5E6D-46EB-9F66-85F2C71B2619", "versionEndExcluding": "4.001.0000000.1.r.210710", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:nvr-2xxx:-:*:*:*:*:*:*:*", "matchCriteriaId": "89E3F7B3-3C51-49C1-BAEC-DA4235D5A06D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:nvr-4xxx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1386662B-C3DE-467A-8F41-F18BDE7B9726", "versionEndExcluding": "4.001.0000005.1.r.210713", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:nvr-4xxx:-:*:*:*:*:*:*:*", "matchCriteriaId": "58ECDC49-09D4-4E62-AC11-E3C52C656A9D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:nvr-5xxx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "06A6B28A-2E0D-4E45-904A-66FEE5D85262", "versionEndExcluding": "4.001.0000000.0.r.210710", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:nvr-5xxx:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE621958-8AE2-44E0-9E41-94BC964CDF57", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:nvr-6xx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "90D5A1B3-88D5-4E5E-A88B-59409D41956C", "versionEndExcluding": "4.001.0000001.1.r.210716", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:nvr-6xx:-:*:*:*:*:*:*:*", "matchCriteriaId": "9EEAC798-870E-4DE6-B7DB-44FAF5360CE5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:vth-542xh_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F1138DD-7149-4191-BF6B-5176B8EF3A07", "versionEndExcluding": "4.500.0000002.0.r.210715", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:vth-542xh:-:*:*:*:*:*:*:*", "matchCriteriaId": "72039FDA-344D-4961-BB1B-E6F32EAFD7C2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:vto-65xxx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AC98964-DBDE-438C-A0E7-BF11D1BBC4B0", "versionEndExcluding": "4.300.0000004.0.r.210715", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:vto-65xxx:-:*:*:*:*:*:*:*", "matchCriteriaId": "9438ADC0-C8F4-48E1-A905-9914A3AE715E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:vto-75x95x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3FFF94A-7F57-49D2-A6BA-5B58064C41C5", "versionEndExcluding": "4.300.0000003.0.r.210714", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:vto-75x95x:-:*:*:*:*:*:*:*", "matchCriteriaId": "B205125D-5A33-49B0-A2BA-BD833D107924", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:xvr-4x04_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5BFB4B89-FD66-4A9E-9163-8E27730012C8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:xvr-4x04:-:*:*:*:*:*:*:*", "matchCriteriaId": "97031A47-9275-45CD-AFBB-A906A3A37D71", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:xvr-4x08_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "83753916-EBB9-4378-9448-79B33EA851C7", "versionEndExcluding": "4.001.0000001.1.r.210709", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:xvr-4x08:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6962025-38D1-4B8E-9C51-2806599F8779", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:xvr-4x04_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3D44B80-93EF-41AD-9BFD-B363CC8356CF", "versionEndExcluding": "4.001.0000001.1.r.210709", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:xvr-4x04:-:*:*:*:*:*:*:*", "matchCriteriaId": "97031A47-9275-45CD-AFBB-A906A3A37D71", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:xvr-5x04_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "44FAD9FC-F99A-45DE-A8FA-031CD0F4680E", "versionEndExcluding": "4.001.0000003.1.r.210710", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:xvr-5x04:-:*:*:*:*:*:*:*", "matchCriteriaId": "F496B4C1-062B-4C6E-9F8C-C3B49D4D98EF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:xvr-5x08_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEAA6256-9F3D-43C7-858C-D07025EE5400", "versionEndExcluding": "4.001.0000003.1.r.210710", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:xvr-5x08:-:*:*:*:*:*:*:*", "matchCriteriaId": "AA245352-2E71-4401-AB16-1CA8D827D858", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:xvr-5x16_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C5D8D60-F5A5-42B2-830B-E4D89828988F", "versionEndExcluding": "4.001.0000003.1.r.210710", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:xvr-5x16:-:*:*:*:*:*:*:*", "matchCriteriaId": "60F64F53-4C08-48A1-A3EB-F3EB5A1C0631", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:xvr-7x16_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "22635FB9-7898-457B-938B-9946CFC9EE73", "versionEndExcluding": "4.001.0000003.1.r.210710", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:xvr-7x16:-:*:*:*:*:*:*:*", "matchCriteriaId": "95CC3087-2310-4520-8B69-4F21F6F78197", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:xvr-7x32_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D80CC1B-87EC-44BF-A453-A57350A4C061", "versionEndExcluding": "4.001.0000003.1.r.210710", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:xvr-7x32:-:*:*:*:*:*:*:*", "matchCriteriaId": "06268CD6-0DFD-4501-9D4E-AA25E14B215E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets."}, {"lang": "es", "value": "Una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n de identidad encontrada en algunos productos Dahua durante el proceso de inicio de sesi\u00f3n. Los atacantes pueden omitir la autenticaci\u00f3n de identidad del dispositivo al construir paquetes de datos maliciosos"}], "id": "CVE-2021-33045", "lastModified": "2024-11-21T06:08:11.097", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-15T22:15:10.687", "references": [{"source": "cybersecurity@dahuatech.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html"}, {"source": "cybersecurity@dahuatech.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Oct/13"}, {"source": "cybersecurity@dahuatech.com", "tags": ["Vendor Advisory"], "url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Oct/13"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"}], "sourceIdentifier": "cybersecurity@dahuatech.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}