Exploited
critical
10
CWE
287
Advisory Published
Updated

CVE-2021-33044: Dahua IP Camera Authentication Bypass Vulnerability

First published: Wed Sep 15 2021(Updated: )

Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument is specified by the client during authentication.

Credit: cybersecurity@dahuatech.com cybersecurity@dahuatech.com

Affected SoftwareAffected VersionHow to fix
Dahuasecurity Ipc-hum7xxx Firmware<2.820.0000000.5.r.210705
Dahuasecurity Ipc-hum7xxx
Dahuasecurity Ipc-hx3xxx Firmware<2.800.0000000.29.r.210630
Dahuasecurity Ipc-hx3xxx
Dahuasecurity Ipc-hx5xxx Firmware<2.820.0000000.18.r.210705
Dahuasecurity Ipc-hx5xxx
Dahuasecurity Sd1a1 Firmware<2.812.0000007.0.r.210706
Dahuasecurity Sd1a1
Dahuasecurity Sd22 Firmware<2.812.0000007.0.r.210706
Dahuasecurity Sd22
Dahuasecurity Sd41 Firmware<2.812.0000007.0.r.210706
Dahuasecurity Sd41
Dahuasecurity Sd50 Firmware<2.812.0000007.0.r.210706
Dahuasecurity Sd50
Dahuasecurity Sd52c Firmware<2.812.0000007.0.r.210706
Dahuasecurity Sd52c
Dahuasecurity Sd6al Firmware<2.812.0000007.0.r.210706
Dahuasecurity Sd6al
Dahuasecurity Tpc-bf1241 Firmware<2.630.0000000.6.r.210707
Dahuasecurity Tpc-bf1241
Dahuasecurity Tpc-bf2221 Firmware<2.630.0000000.10.r.210707
Dahuasecurity Tpc-bf2221
Dahuasecurity Tpc-bf5x01 Firmware<2.630.0000000.12.r.210707
Dahuasecurity Tpc-bf5x01
Dahuasecurity Tpc-pt8x21b Firmware<2.630.0000000.10.r.210701
Dahuasecurity Tpc-pt8x21b
Dahuasecurity Tpc-sd2221 Firmware<=2.630.0000000.7.r.210707
Dahuasecurity Tpc-sd2221
Dahuasecurity Tpc-sd8x21 Firmware<2.630.0000000.9.r.210706
Dahuasecurity Tpc-sd8x21
Dahuasecurity Vto-65xxx Firmware<4.300.0000004.0.r.210715
Dahuasecurity Vto-65xxx
Dahuasecurity Vto-75x95x Firmware<4.300.0000003.0.r.210714
Dahuasecurity Vto-75x95x
Dahuasecurity Vth-542xh Firmware<4.500.0000002.0.r.210715
Dahuasecurity Vth-542xh
Dahuasecurity Tpc-bf5x21 Firmware<2.630.0000000.8.r.210630
Dahuasecurity Tpc-bf5x21
Dahua IP Camera Firmware
All of
Dahuasecurity Ipc-hum7xxx Firmware<2.820.0000000.5.r.210705
Dahuasecurity Ipc-hum7xxx
All of
Dahuasecurity Ipc-hx3xxx Firmware<2.800.0000000.29.r.210630
Dahuasecurity Ipc-hx3xxx
All of
Dahuasecurity Ipc-hx5xxx Firmware<2.820.0000000.18.r.210705
Dahuasecurity Ipc-hx5xxx
All of
Dahuasecurity Sd1a1 Firmware<2.812.0000007.0.r.210706
Dahuasecurity Sd1a1
All of
Dahuasecurity Sd22 Firmware<2.812.0000007.0.r.210706
Dahuasecurity Sd22
All of
Dahuasecurity Sd41 Firmware<2.812.0000007.0.r.210706
Dahuasecurity Sd41
All of
Dahuasecurity Sd50 Firmware<2.812.0000007.0.r.210706
Dahuasecurity Sd50
All of
Dahuasecurity Sd52c Firmware<2.812.0000007.0.r.210706
Dahuasecurity Sd52c
All of
Dahuasecurity Sd6al Firmware<2.812.0000007.0.r.210706
Dahuasecurity Sd6al
All of
Dahuasecurity Tpc-bf1241 Firmware<2.630.0000000.6.r.210707
Dahuasecurity Tpc-bf1241
All of
Dahuasecurity Tpc-bf2221 Firmware<2.630.0000000.10.r.210707
Dahuasecurity Tpc-bf2221
All of
Dahuasecurity Tpc-bf5x01 Firmware<2.630.0000000.12.r.210707
Dahuasecurity Tpc-bf5x01
All of
Dahuasecurity Tpc-pt8x21b Firmware<2.630.0000000.10.r.210701
Dahuasecurity Tpc-pt8x21b
All of
Dahuasecurity Tpc-sd2221 Firmware<=2.630.0000000.7.r.210707
Dahuasecurity Tpc-sd2221
All of
Dahuasecurity Tpc-sd8x21 Firmware<2.630.0000000.9.r.210706
Dahuasecurity Tpc-sd8x21
All of
Dahuasecurity Vto-65xxx Firmware<4.300.0000004.0.r.210715
Dahuasecurity Vto-65xxx
All of
Dahuasecurity Vto-75x95x Firmware<4.300.0000003.0.r.210714
Dahuasecurity Vto-75x95x
All of
Dahuasecurity Vth-542xh Firmware<4.500.0000002.0.r.210715
Dahuasecurity Vth-542xh
All of
Dahuasecurity Tpc-bf5x21 Firmware<2.630.0000000.8.r.210630
Dahuasecurity Tpc-bf5x21

Remedy

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2021-33044?

    CVE-2021-33044 is an identity authentication bypass vulnerability found in some Dahua products during the login process.

  • How severe is CVE-2021-33044?

    CVE-2021-33044 has a severity rating of 9.8 (critical).

  • Which Dahua products are affected by CVE-2021-33044?

    Dahua products with the following firmware versions are affected: IPC-HUM7xxx, IPC-HX3xxx, IPC-HX5xxx, SD1a1, SD22, SD41, SD50, SD52c, SD6al, TPC-BF1241, TPC-BF2221, TPC-BF5x01, TPC-PT8x21b, TPC-SD2221, TPC-SD8x21, VTO-65xxx, VTO-75x95x, VTH-542xh, and TPC-BF5x21.

  • How can attackers exploit CVE-2021-33044?

    Attackers can exploit CVE-2021-33044 by bypassing device identity authentication using malicious data packets.

  • Where can I find more information about CVE-2021-33044?

    More information about CVE-2021-33044 can be found at the following references: [link1], [link2], [link3].

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203