CVE-2021-33046

Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://support.dahuatech.com/networkSecurity/securityDetails?id=95	Vendor Advisory
https://www.dahuasecurity.com/support/cybersecurity/details/957	Not Applicable
https://www.dahuasecurity.com/support/cybersecurity/details/987	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dahuasecurity:ipc-hx1xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx1xxx:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx2xxx:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:dahuasecurity:ipc-hx5\(4\)\(3\)xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx5\(4\)\(3\)xxx:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:dahuasecurity:sd1a1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd1a1:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:dahuasecurity:sd22_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd22:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:dahuasecurity:sd49_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd49:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:dahuasecurity:tpc-bf1241_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-bf1241:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:dahuasecurity:tpc-bf2221_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-bf2221:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:dahuasecurity:tpc-bf5x01_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-bf5x01:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:dahuasecurity:tpc-pt8x21x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-pt8x21x:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:dahuasecurity:tpc-sd2221_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-sd2221:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:dahuasecurity:tpc-sd8x21_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-sd8x21:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:dahuasecurity:nvr1xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:nvr1xxx:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:dahuasecurity:nvr2xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:nvr2xxx:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:dahuasecurity:nvr4xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:nvr4xxx:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:dahuasecurity:nvr5xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:nvr5xxx:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:dahuasecurity:xvr4xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:xvr4xxx:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:dahuasecurity:xvr5xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:xvr5xxx:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:dahuasecurity:xvr7xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:xvr7xxx:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:dahuasecurity:hcvr7xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:hcvr7xxx:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:dahuasecurity:hcvr8xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:hcvr8xxx:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:dahuasecurity:vtox20xf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:vtox20xf:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:dahuasecurity:asc2204c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:asc2204c:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-01-13 21:15

Updated : 2024-02-28 18:48

NVD link : CVE-2021-33046

Mitre link : CVE-2021-33046

CVE.ORG link : CVE-2021-33046

JSON object : View

Products Affected

dahuasecurity

sd50
vtox20xf_firmware
nvr2xxx
ipc-hx5\(4\)\(3\)xxx_firmware
nvr1xxx
xvr4xxx_firmware
tpc-sd8x21
sd1a1
ipc-hx2xxx
sd52c_firmware
asc2204c
nvr4xxx
sd49_firmware
ipc-hx5\(4\)\(3\)xxx
sd52c
hcvr7xxx_firmware
tpc-bf5x01_firmware
tpc-bf1241
nvr4xxx_firmware
sd1a1_firmware
tpc-bf2221_firmware
nvr5xxx
hcvr8xxx_firmware
ipc-hx1xxx_firmware
xvr4xxx
tpc-bf2221
ipc-hx2xxx_firmware
xvr5xxx
ipc-hx5xxx_firmware
sd22_firmware
ipc-hx3xxx_firmware
hcvr8xxx
xvr7xxx
tpc-sd8x21_firmware
nvr1xxx_firmware
tpc-pt8x21x_firmware
ipc-hx3xxx
tpc-pt8x21x
ipc-hx1xxx
asc2204c_firmware
sd6al
nvr2xxx_firmware
xvr7xxx_firmware
tpc-sd2221_firmware
sd50_firmware
sd6al_firmware
vtox20xf
sd22
tpc-bf1241_firmware
xvr5xxx_firmware
nvr5xxx_firmware
tpc-sd2221
hcvr7xxx
ipc-hx5xxx
tpc-bf5x01
sd49

CWE

CWE-287

Improper Authentication

9.8 /10