CVE-2021-33045

{"id": "CVE-2021-33045", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-09-15T22:15:10.687", "references": [{"url": "http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cybersecurity@dahuatech.com"}, {"url": "http://seclists.org/fulldisclosure/2021/Oct/13", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "cybersecurity@dahuatech.com"}, {"url": "https://www.dahuasecurity.com/support/cybersecurity/details/957", "tags": ["Vendor Advisory"], "source": "cybersecurity@dahuatech.com"}, {"url": "http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2021/Oct/13", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.dahuasecurity.com/support/cybersecurity/details/957", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets."}, {"lang": "es", "value": "Una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n de identidad encontrada en algunos productos Dahua durante el proceso de inicio de sesi\u00f3n. Los atacantes pueden omitir la autenticaci\u00f3n de identidad del dispositivo al construir paquetes de datos maliciosos"}], "lastModified": "2024-11-21T06:08:11.097", "cisaActionDue": "2024-09-11", "cisaExploitAdd": "2024-08-21", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hum7xxx_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0356805-3ECF-4C6F-B2BF-95D507736C44", "versionEndExcluding": "2.820.0000000.5.r.210705"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hum7xxx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5AE9ACB0-4CB3-4CF5-A007-15EE977D782E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0D17050-41CA-4808-8ED3-F332FD00B551", "versionEndExcluding": "2.800.0000000.29.r.210630"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8936A118-4AB5-4B09-A9FD-E624A68315BD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F20DC69-B735-4547-826D-E4C42A39FE82", "versionEndExcluding": "2.820.0000000.5.r.210705"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F2838BDA-97FF-498E-BC81-955D31B9227A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:nvr-1xxx_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA1C3935-C83B-4A1A-BEEE-EF93F7722972", "versionEndExcluding": "4.001.0000005.1.r.210709"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:nvr-1xxx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7780D1BE-ABE0-4890-B493-36FA0A4B3266"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:nvr-2xxx_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "795EF8B2-5E6D-46EB-9F66-85F2C71B2619", "versionEndExcluding": "4.001.0000000.1.r.210710"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:nvr-2xxx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "89E3F7B3-3C51-49C1-BAEC-DA4235D5A06D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:nvr-4xxx_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1386662B-C3DE-467A-8F41-F18BDE7B9726", "versionEndExcluding": "4.001.0000005.1.r.210713"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:nvr-4xxx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "58ECDC49-09D4-4E62-AC11-E3C52C656A9D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:nvr-5xxx_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06A6B28A-2E0D-4E45-904A-66FEE5D85262", "versionEndExcluding": "4.001.0000000.0.r.210710"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:nvr-5xxx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DE621958-8AE2-44E0-9E41-94BC964CDF57"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:nvr-6xx_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90D5A1B3-88D5-4E5E-A88B-59409D41956C", "versionEndExcluding": "4.001.0000001.1.r.210716"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:nvr-6xx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9EEAC798-870E-4DE6-B7DB-44FAF5360CE5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:vth-542xh_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F1138DD-7149-4191-BF6B-5176B8EF3A07", "versionEndExcluding": "4.500.0000002.0.r.210715"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:vth-542xh:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "72039FDA-344D-4961-BB1B-E6F32EAFD7C2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:vto-65xxx_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AC98964-DBDE-438C-A0E7-BF11D1BBC4B0", "versionEndExcluding": "4.300.0000004.0.r.210715"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:vto-65xxx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9438ADC0-C8F4-48E1-A905-9914A3AE715E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:vto-75x95x_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3FFF94A-7F57-49D2-A6BA-5B58064C41C5", "versionEndExcluding": "4.300.0000003.0.r.210714"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:vto-75x95x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B205125D-5A33-49B0-A2BA-BD833D107924"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:xvr-4x04_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BFB4B89-FD66-4A9E-9163-8E27730012C8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:xvr-4x04:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "97031A47-9275-45CD-AFBB-A906A3A37D71"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:xvr-4x08_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83753916-EBB9-4378-9448-79B33EA851C7", "versionEndExcluding": "4.001.0000001.1.r.210709"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:xvr-4x08:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D6962025-38D1-4B8E-9C51-2806599F8779"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:xvr-4x04_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3D44B80-93EF-41AD-9BFD-B363CC8356CF", "versionEndExcluding": "4.001.0000001.1.r.210709"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:xvr-4x04:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "97031A47-9275-45CD-AFBB-A906A3A37D71"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:xvr-5x04_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44FAD9FC-F99A-45DE-A8FA-031CD0F4680E", "versionEndExcluding": "4.001.0000003.1.r.210710"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:xvr-5x04:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F496B4C1-062B-4C6E-9F8C-C3B49D4D98EF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:xvr-5x08_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEAA6256-9F3D-43C7-858C-D07025EE5400", "versionEndExcluding": "4.001.0000003.1.r.210710"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:xvr-5x08:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AA245352-2E71-4401-AB16-1CA8D827D858"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:xvr-5x16_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C5D8D60-F5A5-42B2-830B-E4D89828988F", "versionEndExcluding": "4.001.0000003.1.r.210710"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:xvr-5x16:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "60F64F53-4C08-48A1-A3EB-F3EB5A1C0631"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:xvr-7x16_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22635FB9-7898-457B-938B-9946CFC9EE73", "versionEndExcluding": "4.001.0000003.1.r.210710"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:xvr-7x16:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "95CC3087-2310-4520-8B69-4F21F6F78197"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dahuasecurity:xvr-7x32_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D80CC1B-87EC-44BF-A453-A57350A4C061", "versionEndExcluding": "4.001.0000003.1.r.210710"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dahuasecurity:xvr-7x32:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "06268CD6-0DFD-4501-9D4E-AA25E14B215E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@dahuatech.com", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Dahua IP Camera Authentication Bypass Vulnerability"}