CVE-2021-33046 - Vulnerability Details

Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00502.

Key SSVC decision points have not yet been added.

Vendors	Products
Dahuasecurity	Asc2204c Asc2204c Firmware Hcvr7xxx Hcvr7xxx Firmware Hcvr8xxx Hcvr8xxx Firmware Ipc-hx1xxx Ipc-hx1xxx Firmware Ipc-hx2xxx Ipc-hx2xxx Firmware Ipc-hx3xxx Ipc-hx3xxx Firmware Ipc-hx5\(4\)\(3\)xxx Ipc-hx5\(4\)\(3\)xxx Firmware Ipc-hx5xxx Ipc-hx5xxx Firmware Nvr1xxx Nvr1xxx Firmware Nvr2xxx Nvr2xxx Firmware Nvr4xxx Nvr4xxx Firmware Nvr5xxx Nvr5xxx Firmware Sd1a1 Sd1a1 Firmware Sd22 Sd22 Firmware Sd49 Sd49 Firmware Sd50 Sd50 Firmware Sd52c Sd52c Firmware Sd6al Sd6al Firmware Tpc-bf1241 Tpc-bf1241 Firmware Tpc-bf2221 Tpc-bf2221 Firmware Tpc-bf5x01 Tpc-bf5x01 Firmware Tpc-pt8x21x Tpc-pt8x21x Firmware Tpc-sd2221 Tpc-sd2221 Firmware Tpc-sd8x21 Tpc-sd8x21 Firmware Vtox20xf Vtox20xf Firmware Xvr4xxx Xvr4xxx Firmware Xvr5xxx Xvr5xxx Firmware Xvr7xxx Xvr7xxx Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dahuasecurity:ipc-hx1xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx1xxx:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx2xxx:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:dahuasecurity:ipc-hx5\(4\)\(3\)xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx5\(4\)\(3\)xxx:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:dahuasecurity:sd1a1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd1a1:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:dahuasecurity:sd22_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd22:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:dahuasecurity:sd49_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd49:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-bf1241_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-bf1241:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-bf2221_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-bf2221:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-bf5x01_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-bf5x01:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-pt8x21x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-pt8x21x:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-sd2221_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-sd2221:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-sd8x21_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-sd8x21:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:dahuasecurity:nvr1xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:nvr1xxx:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:dahuasecurity:nvr2xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:nvr2xxx:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:dahuasecurity:nvr4xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:nvr4xxx:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:dahuasecurity:nvr5xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:nvr5xxx:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:dahuasecurity:xvr4xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:xvr4xxx:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:dahuasecurity:xvr5xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:xvr5xxx:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:dahuasecurity:xvr7xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:xvr7xxx:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:dahuasecurity:hcvr7xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:hcvr7xxx:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:dahuasecurity:hcvr8xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:hcvr8xxx:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:dahuasecurity:vtox20xf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:vtox20xf:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:dahuasecurity:asc2204c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:asc2204c:-:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2021-19761	Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.dahuatech.com/networkSecurity/securityDetails?id=95
https://www.dahuasecurity.com/support/cybersecurity/details/957
https://www.dahuasecurity.com/support/cybersecurity/details/987

History

No history.

MITRE

Status: PUBLISHED

Assigner: dahua

Published: 2022-01-13T20:27:13

Updated: 2024-08-03T23:42:19.550Z

Reserved: 2021-05-17T00:00:00

Link: CVE-2021-33046

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-01-13T21:15:07.753

Modified: 2024-11-21T06:08:11.233

Link: CVE-2021-33046

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object