Exploited
critical
10
CWE
287
Advisory Published
Updated

CVE-2021-33045: Dahua IP Camera Authentication Bypass Vulnerability

First published: Wed Sep 15 2021(Updated: )

Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication.

Credit: cybersecurity@dahuatech.com cybersecurity@dahuatech.com

Affected SoftwareAffected VersionHow to fix
Dahua IP Camera Firmware
All of
Dahua IPC-HUM7XXX<2.820.0000000.5.r.210705
Dahua IPC-HUM7XXX
All of
Dahuasecurity IPC-HX3XXX Firmware<2.800.0000000.29.r.210630
Dahuasecurity IPC-HX3XXX
All of
Dahuasecurity IPC-HX5(4)(3)XXX Firmware<2.820.0000000.5.r.210705
Dahua IPC-HX5(4)(3)XXX
All of
Dahua NVR 1xxx Firmware<4.001.0000005.1.r.210709
Dahua NVR 1xxx Firmware
All of
Dahuasecurity Nvr2xxx Firmware<4.001.0000000.1.r.210710
Dahua Security NVR 2xxx
All of
Dahuasecurity Nvr4xxx Firmware<4.001.0000005.1.r.210713
Dahuasecurity Nvr4xxx Firmware
All of
Dahua Technology NVR 5xxx Firmware<4.001.0000000.0.r.210710
Dahua Technology NVR 5xxx Firmware
All of
Dahuasecurity NVR-6XX<4.001.0000001.1.r.210716
Dahua Security NVR Series
All of
Dahuasecurity Vth-542xh Firmware<4.500.0000002.0.r.210715
Dahuasecurity VTH-542XH
All of
Dahuasecurity Vto-65xxx Firmware<4.300.0000004.0.r.210715
Dahuasecurity Vto-65xxx Firmware
All of
Dahua VTO-75X95X Firmware<4.300.0000003.0.r.210714
Dahua VTO-75X95X Firmware
All of
Dahuasecurity Xvr-4x04
Dahuasecurity Xvr-4x04 Firmware
All of
Dahua Security XVR-4x08<4.001.0000001.1.r.210709
Dahua Security XVR-4x08
All of
Dahuasecurity Xvr-4x04<4.001.0000001.1.r.210709
Dahuasecurity Xvr-4x04 Firmware
All of
Dahua XVR-5X04<4.001.0000003.1.r.210710
Dahua XVR-5X04
All of
Dahuasecurity Xvr5x08 Firmware<4.001.0000003.1.r.210710
Dahuasecurity Xvr5x08 Firmware
All of
Dahua Technology XVR5X16<4.001.0000003.1.r.210710
Dahua Technology XVR5X16
All of
Dahuasecurity Xvr7x16 Firmware<4.001.0000003.1.r.210710
Dahuasecurity Xvr7x16
All of
Dahuasecurity Xvr-7x32 Firmware<4.001.0000003.1.r.210710
Dahuasecurity Xvr-7x32 Firmware
Dahua IPC-HUM7XXX<2.820.0000000.5.r.210705
Dahua IPC-HUM7XXX
Dahuasecurity IPC-HX3XXX Firmware<2.800.0000000.29.r.210630
Dahuasecurity IPC-HX3XXX
Dahuasecurity IPC-HX5(4)(3)XXX Firmware<2.820.0000000.5.r.210705
Dahua IPC-HX5(4)(3)XXX
Dahua NVR 1xxx Firmware<4.001.0000005.1.r.210709
Dahua NVR 1xxx Firmware
Dahuasecurity Nvr2xxx Firmware<4.001.0000000.1.r.210710
Dahua Security NVR 2xxx
Dahuasecurity Nvr4xxx Firmware<4.001.0000005.1.r.210713
Dahuasecurity Nvr4xxx Firmware
Dahua Technology NVR 5xxx Firmware<4.001.0000000.0.r.210710
Dahua Technology NVR 5xxx Firmware
Dahuasecurity NVR-6XX<4.001.0000001.1.r.210716
Dahua Security NVR Series
Dahuasecurity Vth-542xh Firmware<4.500.0000002.0.r.210715
Dahuasecurity VTH-542XH
Dahuasecurity Vto-65xxx Firmware<4.300.0000004.0.r.210715
Dahuasecurity Vto-65xxx Firmware
Dahua VTO-75X95X Firmware<4.300.0000003.0.r.210714
Dahua VTO-75X95X Firmware
Dahuasecurity Xvr-4x04
Dahuasecurity Xvr-4x04 Firmware
Dahua Security XVR-4x08<4.001.0000001.1.r.210709
Dahua Security XVR-4x08
Dahuasecurity Xvr-4x04<4.001.0000001.1.r.210709
Dahua XVR-5X04<4.001.0000003.1.r.210710
Dahua XVR-5X04
Dahuasecurity Xvr5x08 Firmware<4.001.0000003.1.r.210710
Dahuasecurity Xvr5x08 Firmware
Dahua Technology XVR5X16<4.001.0000003.1.r.210710
Dahua Technology XVR5X16
Dahuasecurity Xvr7x16 Firmware<4.001.0000003.1.r.210710
Dahuasecurity Xvr7x16
Dahuasecurity Xvr-7x32 Firmware<4.001.0000003.1.r.210710
Dahuasecurity Xvr-7x32 Firmware

Remedy

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2021-33045?

    CVE-2021-33045 refers to the identity authentication bypass vulnerability found in some Dahua products during the login process.

  • How severe is CVE-2021-33045?

    CVE-2021-33045 has a severity rating of 9.8, indicating a critical vulnerability.

  • Which Dahua products are affected by CVE-2021-33045?

    Dahua products such as Dahuasecurity Ipc-hum7xxx Firmware, Dahuasecurity Ipc-hx3xxx Firmware, Dahuasecurity Ipc-hx5xxx Firmware, Dahuasecurity Nvr-1xxx Firmware, Dahuasecurity Nvr-2xxx Firmware, Dahuasecurity Nvr-4xxx Firmware, Dahuasecurity Nvr-5xxx Firmware, Dahuasecurity Nvr-6xx Firmware, Dahuasecurity Vth-542xh Firmware, Dahuasecurity Vto-65xxx Firmware, Dahuasecurity Vto-75x95x Firmware, Dahuasecurity Xvr-4x08 Firmware, Dahuasecurity Xvr-5x04 Firmware, Dahuasecurity Xvr-5x08 Firmware, Dahuasecurity Xvr-5x16 Firmware, Dahuasecurity Xvr-7x16 Firmware, and Dahuasecurity Xvr-7x32 Firmware may be affected.

  • How can an attacker exploit CVE-2021-33045?

    An attacker can exploit CVE-2021-33045 by bypassing device identity authentication using malicious data packets.

  • Where can I find more information about CVE-2021-33045?

    You can find more information about CVE-2021-33045 on the Dahua Security website.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203