CVE-2021-33046
CRITICALDahua IPC-HX1XXX-HX5XXX SD1A1-SD6AL Firmware 2017-7-2021-7 - Improper Authentication via Password Reset
Title source: llmDescription
Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.
References (3)
Core 3
Core References
Not Applicable x_refsource_misc
https://www.dahuasecurity.com/support/cybersecurity/details/957
Vendor Advisory x_refsource_confirm
https://www.dahuasecurity.com/support/cybersecurity/details/987
Vendor Advisory x_refsource_confirm
https://support.dahuatech.com/networkSecurity/securityDetails?id=95
Scores
CVSS v3
9.8
EPSS
0.0130
EPSS Percentile
66.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (28)
dahuasecurity/asc2204c_firmware
2017-7 - 2021-7
dahuasecurity/hcvr7xxx_firmware
2017-7 - 2021-7
dahuasecurity/hcvr8xxx_firmware
2017-7 - 2021-7
dahuasecurity/ipc-hx1xxx_firmware
2017-7 - 2021-7
dahuasecurity/ipc-hx2xxx_firmware
2017-7 - 2021-7
dahuasecurity/ipc-hx3xxx_firmware
2017-7 - 2021-7
dahuasecurity/ipc-hx5\(4\)\(3\)xxx_firmware
2017-7 - 2021-7
dahuasecurity/ipc-hx5xxx_firmware
2017-7 - 2021-7
dahuasecurity/nvr1xxx_firmware
2017-7 - 2021-7
dahuasecurity/nvr2xxx_firmware
2017-7 - 2021-7
... and 18 more
Published
Jan 13, 2022
Tracked Since
Feb 18, 2026