CVE-2021-33044

CRITICAL KEV NUCLEI

Dahua IPC-HUM7XXX IPC-HX3XXX IPC-HX5XXX SD1A1 SD22 SD49 SD50 SD52C SD6AL TPC-BF1241 Firmware Authentication Bypass

Title source: llm

Exploitation Summary

CVE-2021-33044 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added August 21, 2024. EIP tracks 7 public exploits from researchers including bp2008, umair-aziz025, haingn. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains functional exploit code for CVE-2021-33044, an authentication bypass vulnerability in Dahua cameras. The PoC overrides jQuery.extend to manipulate login parameters, allowing unauthorized access.

Description

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

Exploits (7)

nomisec WORKING POC 176 stars

by bp2008 · poc

https://github.com/bp2008/DahuaLoginBypass

View Code ZIP pw:eip

This repository contains functional exploit code for CVE-2021-33044, an authentication bypass vulnerability in Dahua cameras. The PoC overrides jQuery.extend to manipulate login parameters, allowing unauthorized access.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Dahua camera firmware (pre-Sept 2021)

No auth needed

Prerequisites: Access to Dahua camera login page · Browser extension environment (Chrome)

MITRE ATT&CK

T1556.007 - Hybrid Identity

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 2 stars

by umair-aziz025 · remote

https://github.com/umair-aziz025/dahua-cve-research

View Code ZIP pw:eip

This repository contains functional exploit code for CVE-2021-33044 and CVE-2021-33045, which are authentication bypass vulnerabilities in Dahua IP cameras. The scripts demonstrate the vulnerability by exploiting the RPC2 login mechanism with an empty password hash.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Dahua IP cameras (various models, firmware versions below 2.820.x for IPC and 4.001.x for NVR/XVR)

No auth needed

Prerequisites: Network access to the target device · Dahua IP camera with vulnerable firmware

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Mar 04, 2026 Full analysis →

nomisec WORKING POC 2 stars

by haingn · remote

https://github.com/haingn/LoHongCam-CVE-2021-33044

View Code ZIP pw:eip

The repository contains a functional Python script that exploits an authentication bypass vulnerability (CVE-2021-33044) in Dahua IPC/VTH/VTO devices by sending a crafted JSON payload to the RPC2_Login endpoint, bypassing identity authentication.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Dahua IPC/VTH/VTO devices

No auth needed

Prerequisites: Network access to the target device · Target device running vulnerable Dahua firmware

MITRE ATT&CK

T1110.001 - Password Guessing

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 1 stars

by Spy0x7 · poc

https://github.com/Spy0x7/CVE-2021-33044

View Code ZIP pw:eip

The repository contains a functional Python script that exploits an authentication bypass vulnerability (CVE-2021-33044) in Dahua IPC/VTH/VTO devices by sending a crafted POST request to the RPC2_Login endpoint. The exploit checks for vulnerability by verifying the presence of 'true' in the response and saves the session token if successful.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Dahua IPC/VTH/VTO devices

No auth needed

Prerequisites: Network access to the target device · Python 3 environment with requests library

MITRE ATT&CK

T1110.001 - Password Guessing

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC

by Bd-Mutant7 · poc

https://github.com/Bd-Mutant7/DahuaLoginBypass

View Code ZIP pw:eip

This repository contains functional exploit code for CVE-2021-33044, an authentication bypass vulnerability in Dahua cameras. The PoC uses JavaScript to override jQuery.extend, manipulating login parameters to bypass authentication.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Dahua cameras (firmware versions prior to September 2021)

No auth needed

Prerequisites: Access to the Dahua camera login page · Browser extension environment (e.g., Chrome extension)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Apr 10, 2026 Full analysis →

nomisec WORKING POC

by eagle-nett · infoleak

https://github.com/eagle-nett/DAHUA_AUTH-BYPASS-CVE-2021-33044

View Code ZIP pw:eip

This repository contains functional exploit code for CVE-2021-33044, an authentication bypass vulnerability in Dahua cameras/DVRs/NVRs. The PoC leverages a flaw in the challenge-response authentication mechanism, allowing attackers to bypass login by submitting an empty password hash.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Dahua Camera/DVR/NVR (multiple versions)

No auth needed

Prerequisites: network access to target device · RPC2_Login endpoint exposed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1078 - Valid Accounts

devstral-2 · analyzed Mar 24, 2026 Full analysis →

nomisec WORKING POC

by Baza-NATO · remote-auth

https://github.com/Baza-NATO/CVE-2021-33044

View Code ZIP pw:eip

The repository contains a functional exploit for CVE-2021-33044, an authentication bypass vulnerability in Dahua IPC/VTH/VTO devices. The exploit sends a crafted JSON payload to the `/RPC2_Login` endpoint, bypassing authentication by manipulating the `password` and `userName` fields.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Dahua IPC/VTH/VTO devices

No auth needed

Prerequisites: Network access to the target device · Target device running vulnerable Dahua firmware

MITRE ATT&CK

T1110.001 - Password Guessing T1550 - Use Alternate Authentication Material

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Nuclei Templates (1)

Dahua IPC/VTH/VTO - Authentication Bypass

CRITICALby gy741

References (4)

Core 4

Core References

Vendor Advisory x_refsource_misc

https://www.dahuasecurity.com/support/cybersecurity/details/957

Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2021/Oct/13

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-33044

Scores

CVSS v3 9.8

EPSS 0.9427

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable yes

Technical Impact total

Details

CISA KEV 2024-08-21

VulnCheck KEV 2023-12-05

InTheWild.io 2024-08-21

ENISA EUVD EUVD-2021-19759

CWE

CWE-287

Status published

Products (19)

dahuasecurity/ipc-hum7xxx_firmware < 2.820.0000000.5.r.210705

dahuasecurity/ipc-hx3xxx_firmware < 2.800.0000000.29.r.210630

dahuasecurity/ipc-hx5xxx_firmware < 2.820.0000000.18.r.210705

dahuasecurity/sd1a1_firmware < 2.812.0000007.0.r.210706

dahuasecurity/sd22_firmware < 2.812.0000007.0.r.210706

dahuasecurity/sd49_firmware < 2.812.0000007.0.r.210706

dahuasecurity/sd50_firmware < 2.812.0000007.0.r.210706

dahuasecurity/sd52c_firmware < 2.812.0000007.0.r.210706

dahuasecurity/sd6al_firmware < 2.812.0000007.0.r.210706

dahuasecurity/tpc-bf1241_firmware < 2.630.0000000.6.r.210707

... and 9 more

Published Sep 15, 2021

KEV Added Aug 21, 2024

Tracked Since Feb 18, 2026