CVE-2021-33044

This repository contains functional exploit code for CVE-2021-33044, an authentication bypass vulnerability in Dahua cameras. The PoC overrides jQuery.extend to manipulate login parameters, allowing unauthorized access.

This repository contains functional exploit code for CVE-2021-33044 and CVE-2021-33045, which are authentication bypass vulnerabilities in Dahua IP cameras. The scripts demonstrate the vulnerability by exploiting the RPC2 login mechanism with an empty password hash.

The repository contains a functional Python script that exploits an authentication bypass vulnerability (CVE-2021-33044) in Dahua IPC/VTH/VTO devices by sending a crafted JSON payload to the RPC2_Login endpoint, bypassing identity authentication.

The repository contains a functional Python script that exploits an authentication bypass vulnerability (CVE-2021-33044) in Dahua IPC/VTH/VTO devices by sending a crafted POST request to the RPC2_Login endpoint. The exploit checks for vulnerability by verifying the presence of 'true' in the response and saves the session token if successful.

This repository contains functional exploit code for CVE-2021-33044, an authentication bypass vulnerability in Dahua cameras. The PoC uses JavaScript to override jQuery.extend, manipulating login parameters to bypass authentication.

This repository contains functional exploit code for CVE-2021-33044, an authentication bypass vulnerability in Dahua cameras/DVRs/NVRs. The PoC leverages a flaw in the challenge-response authentication mechanism, allowing attackers to bypass login by submitting an empty password hash.

The repository contains a functional exploit for CVE-2021-33044, an authentication bypass vulnerability in Dahua IPC/VTH/VTO devices. The exploit sends a crafted JSON payload to the `/RPC2_Login` endpoint, bypassing authentication by manipulating the `password` and `userName` fields.