CVE-2021-33046 - Vulnerability Details

Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00502.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

Access control vulnerability found in some Dahua products

affected

Version	Status	Constraints
`Dahua IP Camera devices IPC-HX3XXX, and IPC-HX5XXX`	affected	—
`PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6AL`	affected	—
`Thermal TPC-BF1241,TPC-BF2221, TPC-SD2221`	affected	—
`VTO2101E, VTOX221E, and ASC2204C devices Buildtime between 2017/7 ~ 2021/7. NVR devices NVR4XXX, and NVR5XXX`	affected	—
`XVR devices XVR4XXX, and XVR5XXX`	affected	—
`HCVR devices HCVR7XXX, and HCVR8XXX devices Buildtime between 2017/1 ~ 2021/7.`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:dahuasecurity:ipc-hx1xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx1xxx:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx2xxx:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:dahuasecurity:ipc-hx5\(4\)\(3\)xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx5\(4\)\(3\)xxx:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:dahuasecurity:sd1a1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd1a1:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:dahuasecurity:sd22_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd22:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:dahuasecurity:sd49_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd49:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-bf1241_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-bf1241:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-bf2221_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-bf2221:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-bf5x01_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-bf5x01:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-pt8x21x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-pt8x21x:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-sd2221_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-sd2221:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-sd8x21_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-sd8x21:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:dahuasecurity:nvr1xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:nvr1xxx:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:dahuasecurity:nvr2xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:nvr2xxx:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:dahuasecurity:nvr4xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:nvr4xxx:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:dahuasecurity:nvr5xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:nvr5xxx:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:dahuasecurity:xvr4xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:xvr4xxx:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:dahuasecurity:xvr5xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:xvr5xxx:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:dahuasecurity:xvr7xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:xvr7xxx:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:dahuasecurity:hcvr7xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:hcvr7xxx:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:dahuasecurity:hcvr8xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:hcvr8xxx:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:dahuasecurity:vtox20xf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:vtox20xf:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:dahuasecurity:asc2204c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:asc2204c:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Dahuasecurity Subscribe	Asc2204c Subscribe Asc2204c Firmware Subscribe Hcvr7xxx Subscribe Hcvr7xxx Firmware Subscribe Hcvr8xxx Subscribe Hcvr8xxx Firmware Subscribe Ipc-hx1xxx Subscribe Ipc-hx1xxx Firmware Subscribe Ipc-hx2xxx Subscribe Ipc-hx2xxx Firmware Subscribe Ipc-hx3xxx Subscribe Ipc-hx3xxx Firmware Subscribe Ipc-hx5\(4\)\(3\)xxx Subscribe Ipc-hx5\(4\)\(3\)xxx Firmware Subscribe Ipc-hx5xxx Subscribe Ipc-hx5xxx Firmware Subscribe Nvr1xxx Subscribe Nvr1xxx Firmware Subscribe Nvr2xxx Subscribe Nvr2xxx Firmware Subscribe Nvr4xxx Subscribe Nvr4xxx Firmware Subscribe Nvr5xxx Subscribe Nvr5xxx Firmware Subscribe Sd1a1 Subscribe Sd1a1 Firmware Subscribe Sd22 Subscribe Sd22 Firmware Subscribe Sd49 Subscribe Sd49 Firmware Subscribe Sd50 Subscribe Sd50 Firmware Subscribe Sd52c Subscribe Sd52c Firmware Subscribe Sd6al Subscribe Sd6al Firmware Subscribe Tpc-bf1241 Subscribe Tpc-bf1241 Firmware Subscribe Tpc-bf2221 Subscribe Tpc-bf2221 Firmware Subscribe Tpc-bf5x01 Subscribe Tpc-bf5x01 Firmware Subscribe Tpc-pt8x21x Subscribe Tpc-pt8x21x Firmware Subscribe Tpc-sd2221 Subscribe Tpc-sd2221 Firmware Subscribe Tpc-sd8x21 Subscribe Tpc-sd8x21 Firmware Subscribe Vtox20xf Subscribe Vtox20xf Firmware Subscribe Xvr4xxx Subscribe Xvr4xxx Firmware Subscribe Xvr5xxx Subscribe Xvr5xxx Firmware Subscribe Xvr7xxx Subscribe Xvr7xxx Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2021-19761	Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://support.dahuatech.com/networkSecurity/securityDetails?id=95
https://www.dahuasecurity.com/support/cybersecurity/details/957
https://www.dahuasecurity.com/support/cybersecurity/details/987

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: dahua

Published: 2022-01-13T20:27:13

Updated: 2024-08-03T23:42:19.550Z

Reserved: 2021-05-17T00:00:00

Link: CVE-2021-33046

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-01-13T21:15:07.753

Modified: 2024-11-21T06:08:11.233

Link: CVE-2021-33046

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-287

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object