CVE-2021-33045

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity...

Basic Information

CVE State: PUBLISHED
Reserved Date: May 17, 2021
Published Date: September 15, 2021
Last Updated: September 05, 2024
Vendor: n/a
Product: Some Dahua IP Camera, Video Intercom, NVR, XVR devices
Description: The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2024-08-21 00:00:00 UTC) Source

References

https://www.dahuasecurity.com/support/cybersecurity/details/957 http://seclists.org/fulldisclosure/2021/Oct/13 http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html

Known Exploited Vulnerability Information

Source	Added Date
CISA	2024-08-21 00:00:00 UTC