CVE-2021-33045

CRITICAL KEV NUCLEI

Dahua - Auth Bypass

Title source: llm

Description

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

Exploits (3)

nomisec WORKING POC 7 stars
by dongpohezui · poc
https://github.com/dongpohezui/cve-2021-33045
nomisec WORKING POC 1 stars
by lequoca · infoleak
https://github.com/lequoca/Camera-Dahua-CVE-2021-33045
vulncheck_xdb WORKING POC
remote
https://github.com/Bd-Mutant7/DahuaLoginBypass

Nuclei Templates (1)

Dahua IPC/VTH/VTO - Authentication Bypass
CRITICALby phantomowl

References (4)

Scores

CVSS v3 9.8
EPSS 0.9414
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2024-08-21
VulnCheck KEV 2024-08-21
InTheWild.io 2024-08-21
ENISA EUVD EUVD-2021-19760
CWE
CWE-287
Status published
Products (19)
dahuasecurity/ipc-hum7xxx_firmware < 2.820.0000000.5.r.210705
dahuasecurity/ipc-hx3xxx_firmware < 2.800.0000000.29.r.210630
dahuasecurity/ipc-hx5xxx_firmware < 2.820.0000000.5.r.210705
dahuasecurity/nvr-1xxx_firmware < 4.001.0000005.1.r.210709
dahuasecurity/nvr-2xxx_firmware < 4.001.0000000.1.r.210710
dahuasecurity/nvr-4xxx_firmware < 4.001.0000005.1.r.210713
dahuasecurity/nvr-5xxx_firmware < 4.001.0000000.0.r.210710
dahuasecurity/nvr-6xx_firmware < 4.001.0000001.1.r.210716
dahuasecurity/vth-542xh_firmware < 4.500.0000002.0.r.210715
dahuasecurity/vto-65xxx_firmware < 4.300.0000004.0.r.210715
... and 9 more
Published Sep 15, 2021
KEV Added Aug 21, 2024
Tracked Since Feb 18, 2026