Exploited
critical
10
CWE
287
Advisory Published
Updated

CVE-2021-33044: Dahua IP Camera Authentication Bypass Vulnerability

First published: Wed Sep 15 2021(Updated: )

Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument is specified by the client during authentication.

Credit: cybersecurity@dahuatech.com cybersecurity@dahuatech.com

Affected SoftwareAffected VersionHow to fix
Dahua IP Camera Firmware
All of
Dahua IPC-HUM7XXX<2.820.0000000.5.r.210705
Dahua IPC-HUM7XXX
All of
Dahuasecurity IPC-HX3XXX Firmware<2.800.0000000.29.r.210630
Dahuasecurity IPC-HX3XXX
All of
Dahuasecurity IPC-HX5(4)(3)XXX Firmware<2.820.0000000.18.r.210705
Dahua IPC-HX5(4)(3)XXX
All of
Dahuasecurity Sd1a1<2.812.0000007.0.r.210706
Dahuasecurity Sd1a1 Firmware
All of
Dahua Security SD22<2.812.0000007.0.r.210706
Dahua Security SD22
All of
Dahua Security SD41 Firmware<2.812.0000007.0.r.210706
Dahua Security SD41 Firmware
All of
Dahuasecurity Sd50 Firmware<2.812.0000007.0.r.210706
Dahuasecurity Sd50 Firmware
All of
Dahuasecurity Sd52c Firmware<2.812.0000007.0.r.210706
Dahuasecurity Sd52c Firmware
All of
Dahua Security SD6AL Firmware<2.812.0000007.0.r.210706
Dahua Security SD6AL
All of
Dahuasecurity Tpc-bf1241 Firmware<2.630.0000000.6.r.210707
Dahuasecurity Tpc-bf1241 Firmware
All of
Dahuasecurity Tpc-bf2221<2.630.0000000.10.r.210707
Dahuasecurity Tpc-bf2221 Firmware
All of
Dahuasecurity Tpc-bf5x01<2.630.0000000.12.r.210707
Dahuasecurity Tpc-bf5x01 Firmware
All of
Dahua Security TPC-PT8X21B<2.630.0000000.10.r.210701
Dahuasecurity Tpc-pt8x21b Firmware
All of
Dahua Technology TPC-SD2221<=2.630.0000000.7.r.210707
Dahua Technology TPC-SD2221
All of
Dahuasecurity Tpc-sd8x21 Firmware<2.630.0000000.9.r.210706
Dahuasecurity Tpc-sd8x21 Firmware
All of
Dahuasecurity Vto-65xxx Firmware<4.300.0000004.0.r.210715
Dahuasecurity Vto-65xxx Firmware
All of
Dahua VTO-75X95X Firmware<4.300.0000003.0.r.210714
Dahua VTO-75X95X Firmware
All of
Dahuasecurity Vth-542xh Firmware<4.500.0000002.0.r.210715
Dahuasecurity VTH-542XH
All of
Dahuasecurity Tpc-bf5x21<2.630.0000000.8.r.210630
Dahuasecurity Tpc-bf5x21 Firmware
Dahua IPC-HUM7XXX<2.820.0000000.5.r.210705
Dahua IPC-HUM7XXX
Dahuasecurity IPC-HX3XXX Firmware<2.800.0000000.29.r.210630
Dahuasecurity IPC-HX3XXX
Dahuasecurity IPC-HX5(4)(3)XXX Firmware<2.820.0000000.18.r.210705
Dahua IPC-HX5(4)(3)XXX
Dahuasecurity Sd1a1<2.812.0000007.0.r.210706
Dahuasecurity Sd1a1 Firmware
Dahua Security SD22<2.812.0000007.0.r.210706
Dahua Security SD22
Dahua Security SD41 Firmware<2.812.0000007.0.r.210706
Dahua Security SD41 Firmware
Dahuasecurity Sd50 Firmware<2.812.0000007.0.r.210706
Dahuasecurity Sd50 Firmware
Dahuasecurity Sd52c Firmware<2.812.0000007.0.r.210706
Dahuasecurity Sd52c Firmware
Dahua Security SD6AL Firmware<2.812.0000007.0.r.210706
Dahua Security SD6AL
Dahuasecurity Tpc-bf1241 Firmware<2.630.0000000.6.r.210707
Dahuasecurity Tpc-bf1241 Firmware
Dahuasecurity Tpc-bf2221<2.630.0000000.10.r.210707
Dahuasecurity Tpc-bf2221 Firmware
Dahuasecurity Tpc-bf5x01<2.630.0000000.12.r.210707
Dahuasecurity Tpc-bf5x01 Firmware
Dahua Security TPC-PT8X21B<2.630.0000000.10.r.210701
Dahuasecurity Tpc-pt8x21b Firmware
Dahua Technology TPC-SD2221<=2.630.0000000.7.r.210707
Dahua Technology TPC-SD2221
Dahuasecurity Tpc-sd8x21 Firmware<2.630.0000000.9.r.210706
Dahuasecurity Tpc-sd8x21 Firmware
Dahuasecurity Vto-65xxx Firmware<4.300.0000004.0.r.210715
Dahuasecurity Vto-65xxx Firmware
Dahua VTO-75X95X Firmware<4.300.0000003.0.r.210714
Dahua VTO-75X95X Firmware
Dahuasecurity Vth-542xh Firmware<4.500.0000002.0.r.210715
Dahuasecurity VTH-542XH
Dahuasecurity Tpc-bf5x21<2.630.0000000.8.r.210630
Dahuasecurity Tpc-bf5x21 Firmware

Remedy

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2021-33044?

    CVE-2021-33044 is an identity authentication bypass vulnerability found in some Dahua products during the login process.

  • How severe is CVE-2021-33044?

    CVE-2021-33044 has a severity rating of 9.8 (critical).

  • Which Dahua products are affected by CVE-2021-33044?

    Dahua products with the following firmware versions are affected: IPC-HUM7xxx, IPC-HX3xxx, IPC-HX5xxx, SD1a1, SD22, SD41, SD50, SD52c, SD6al, TPC-BF1241, TPC-BF2221, TPC-BF5x01, TPC-PT8x21b, TPC-SD2221, TPC-SD8x21, VTO-65xxx, VTO-75x95x, VTH-542xh, and TPC-BF5x21.

  • How can attackers exploit CVE-2021-33044?

    Attackers can exploit CVE-2021-33044 by bypassing device identity authentication using malicious data packets.

  • Where can I find more information about CVE-2021-33044?

    More information about CVE-2021-33044 can be found at the following references: [link1], [link2], [link3].

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203