CVE-2021-33045: Dahua IP Camera Authentication Bypass Vulnerability
First published: Wed Sep 15 2021(Updated: )
Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication.
Credit: cybersecurity@dahuatech.com cybersecurity@dahuatech.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dahuasecurity Ipc-hum7xxx Firmware | <2.820.0000000.5.r.210705 | |
| Dahuasecurity Ipc-hum7xxx | ||
| Dahuasecurity Ipc-hx3xxx Firmware | <2.800.0000000.29.r.210630 | |
| Dahuasecurity Ipc-hx3xxx | ||
| Dahuasecurity Ipc-hx5xxx Firmware | <2.820.0000000.5.r.210705 | |
| Dahuasecurity Ipc-hx5xxx | ||
| Dahuasecurity Nvr-1xxx Firmware | <4.001.0000005.1.r.210709 | |
| Dahuasecurity Nvr-1xxx | ||
| Dahuasecurity Nvr-2xxx Firmware | <4.001.0000000.1.r.210710 | |
| Dahuasecurity Nvr-2xxx | ||
| Dahuasecurity Nvr-4xxx Firmware | <4.001.0000005.1.r.210713 | |
| Dahuasecurity Nvr-4xxx | ||
| Dahuasecurity Nvr-5xxx Firmware | <4.001.0000000.0.r.210710 | |
| Dahuasecurity Nvr-5xxx | ||
| Dahuasecurity Nvr-6xx Firmware | <4.001.0000001.1.r.210716 | |
| Dahuasecurity Nvr-6xx | ||
| Dahuasecurity Vth-542xh Firmware | <4.500.0000002.0.r.210715 | |
| Dahuasecurity Vth-542xh | ||
| Dahuasecurity Vto-65xxx Firmware | <4.300.0000004.0.r.210715 | |
| Dahuasecurity Vto-65xxx | ||
| Dahuasecurity Vto-75x95x Firmware | <4.300.0000003.0.r.210714 | |
| Dahuasecurity Vto-75x95x | ||
| Dahuasecurity Xvr-4x04 Firmware | ||
| Dahuasecurity Xvr-4x04 | ||
| Dahuasecurity Xvr-4x08 Firmware | <4.001.0000001.1.r.210709 | |
| Dahuasecurity Xvr-4x08 | ||
| Dahuasecurity Xvr-4x04 Firmware | <4.001.0000001.1.r.210709 | |
| Dahuasecurity Xvr-5x04 Firmware | <4.001.0000003.1.r.210710 | |
| Dahuasecurity Xvr-5x04 | ||
| Dahuasecurity Xvr-5x08 Firmware | <4.001.0000003.1.r.210710 | |
| Dahuasecurity Xvr-5x08 | ||
| Dahuasecurity Xvr-5x16 Firmware | <4.001.0000003.1.r.210710 | |
| Dahuasecurity Xvr-5x16 | ||
| Dahuasecurity Xvr-7x16 Firmware | <4.001.0000003.1.r.210710 | |
| Dahuasecurity Xvr-7x16 | ||
| Dahuasecurity Xvr-7x32 Firmware | <4.001.0000003.1.r.210710 | |
| Dahuasecurity Xvr-7x32 | ||
| All of | ||
| Dahuasecurity Ipc-hum7xxx Firmware | <2.820.0000000.5.r.210705 | |
| Dahuasecurity Ipc-hum7xxx | ||
| All of | ||
| Dahuasecurity Ipc-hx3xxx Firmware | <2.800.0000000.29.r.210630 | |
| Dahuasecurity Ipc-hx3xxx | ||
| All of | ||
| Dahuasecurity Ipc-hx5xxx Firmware | <2.820.0000000.5.r.210705 | |
| Dahuasecurity Ipc-hx5xxx | ||
| All of | ||
| Dahuasecurity Nvr-1xxx Firmware | <4.001.0000005.1.r.210709 | |
| Dahuasecurity Nvr-1xxx | ||
| All of | ||
| Dahuasecurity Nvr-2xxx Firmware | <4.001.0000000.1.r.210710 | |
| Dahuasecurity Nvr-2xxx | ||
| All of | ||
| Dahuasecurity Nvr-4xxx Firmware | <4.001.0000005.1.r.210713 | |
| Dahuasecurity Nvr-4xxx | ||
| All of | ||
| Dahuasecurity Nvr-5xxx Firmware | <4.001.0000000.0.r.210710 | |
| Dahuasecurity Nvr-5xxx | ||
| All of | ||
| Dahuasecurity Nvr-6xx Firmware | <4.001.0000001.1.r.210716 | |
| Dahuasecurity Nvr-6xx | ||
| All of | ||
| Dahuasecurity Vth-542xh Firmware | <4.500.0000002.0.r.210715 | |
| Dahuasecurity Vth-542xh | ||
| All of | ||
| Dahuasecurity Vto-65xxx Firmware | <4.300.0000004.0.r.210715 | |
| Dahuasecurity Vto-65xxx | ||
| All of | ||
| Dahuasecurity Vto-75x95x Firmware | <4.300.0000003.0.r.210714 | |
| Dahuasecurity Vto-75x95x | ||
| All of | ||
| Dahuasecurity Xvr-4x04 Firmware | ||
| Dahuasecurity Xvr-4x04 | ||
| All of | ||
| Dahuasecurity Xvr-4x08 Firmware | <4.001.0000001.1.r.210709 | |
| Dahuasecurity Xvr-4x08 | ||
| All of | ||
| Dahuasecurity Xvr-4x04 Firmware | <4.001.0000001.1.r.210709 | |
| Dahuasecurity Xvr-4x04 | ||
| All of | ||
| Dahuasecurity Xvr-5x04 Firmware | <4.001.0000003.1.r.210710 | |
| Dahuasecurity Xvr-5x04 | ||
| All of | ||
| Dahuasecurity Xvr-5x08 Firmware | <4.001.0000003.1.r.210710 | |
| Dahuasecurity Xvr-5x08 | ||
| All of | ||
| Dahuasecurity Xvr-5x16 Firmware | <4.001.0000003.1.r.210710 | |
| Dahuasecurity Xvr-5x16 | ||
| All of | ||
| Dahuasecurity Xvr-7x16 Firmware | <4.001.0000003.1.r.210710 | |
| Dahuasecurity Xvr-7x16 | ||
| All of | ||
| Dahuasecurity Xvr-7x32 Firmware | <4.001.0000003.1.r.210710 | |
| Dahuasecurity Xvr-7x32 | ||
| Dahua IP Camera Firmware | ||
| All of | ||
| <2.820.0000000.5.r.210705 | ||
| All of | ||
| <2.800.0000000.29.r.210630 | ||
| All of | ||
| <2.820.0000000.5.r.210705 | ||
| All of | ||
| <4.001.0000005.1.r.210709 | ||
| All of | ||
| <4.001.0000000.1.r.210710 | ||
| All of | ||
| <4.001.0000005.1.r.210713 | ||
| All of | ||
| <4.001.0000000.0.r.210710 | ||
| All of | ||
| <4.001.0000001.1.r.210716 | ||
| All of | ||
| <4.500.0000002.0.r.210715 | ||
| All of | ||
| <4.300.0000004.0.r.210715 | ||
| All of | ||
| <4.300.0000003.0.r.210714 | ||
| All of | ||
| All of | ||
| <4.001.0000001.1.r.210709 | ||
| All of | ||
| <4.001.0000001.1.r.210709 | ||
| All of | ||
| <4.001.0000003.1.r.210710 | ||
| All of | ||
| <4.001.0000003.1.r.210710 | ||
| All of | ||
| <4.001.0000003.1.r.210710 | ||
| All of | ||
| <4.001.0000003.1.r.210710 | ||
| All of | ||
| <4.001.0000003.1.r.210710 | ||
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html
- http://seclists.org/fulldisclosure/2021/Oct/13
- https://www.dahuasecurity.com/support/cybersecurity/details/957
- https://www.theregister.com/2024/09/05/uncle_sam_charges_russian_gru/
- https://www.dahuasecurity.com/aboutUs/trustedCenter/details/582;
- https://nvd.nist.gov/vuln/detail/CVE-2021-33045
Frequently Asked Questions
What is CVE-2021-33045?
CVE-2021-33045 refers to the identity authentication bypass vulnerability found in some Dahua products during the login process.
How severe is CVE-2021-33045?
CVE-2021-33045 has a severity rating of 9.8, indicating a critical vulnerability.
Which Dahua products are affected by CVE-2021-33045?
Dahua products such as Dahuasecurity Ipc-hum7xxx Firmware, Dahuasecurity Ipc-hx3xxx Firmware, Dahuasecurity Ipc-hx5xxx Firmware, Dahuasecurity Nvr-1xxx Firmware, Dahuasecurity Nvr-2xxx Firmware, Dahuasecurity Nvr-4xxx Firmware, Dahuasecurity Nvr-5xxx Firmware, Dahuasecurity Nvr-6xx Firmware, Dahuasecurity Vth-542xh Firmware, Dahuasecurity Vto-65xxx Firmware, Dahuasecurity Vto-75x95x Firmware, Dahuasecurity Xvr-4x08 Firmware, Dahuasecurity Xvr-5x04 Firmware, Dahuasecurity Xvr-5x08 Firmware, Dahuasecurity Xvr-5x16 Firmware, Dahuasecurity Xvr-7x16 Firmware, and Dahuasecurity Xvr-7x32 Firmware may be affected.
How can an attacker exploit CVE-2021-33045?
An attacker can exploit CVE-2021-33045 by bypassing device identity authentication using malicious data packets.
Where can I find more information about CVE-2021-33045?
You can find more information about CVE-2021-33045 on the Dahua Security website.
- collector/nvd-index
- agent/type
- agent/weakness
- agent/severity
- agent/first-publish-date
- agent/remedy
- agent/title
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/the-register
- source/The Register
- alias/CVE-2021-33044
- alias/CVE-2021-33045
- alias/CVE-2022-26134
- alias/CVE-2022-26138
- alias/CVE-2022-3236
- agent/event
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/tags
- agent/references
- collector/nvd-cve
- vendor/dahuasecurity
- canonical/dahuasecurity ipc-hum7xxx firmware
- canonical/dahuasecurity ipc-hum7xxx
- canonical/dahuasecurity ipc-hx3xxx firmware
- canonical/dahuasecurity ipc-hx3xxx
- canonical/dahuasecurity ipc-hx5xxx firmware
- canonical/dahuasecurity ipc-hx5xxx
- canonical/dahuasecurity nvr-1xxx firmware
- canonical/dahuasecurity nvr-1xxx
- canonical/dahuasecurity nvr-2xxx firmware
- canonical/dahuasecurity nvr-2xxx
- canonical/dahuasecurity nvr-4xxx firmware
- canonical/dahuasecurity nvr-4xxx
- canonical/dahuasecurity nvr-5xxx firmware
- canonical/dahuasecurity nvr-5xxx
- canonical/dahuasecurity nvr-6xx firmware
- canonical/dahuasecurity nvr-6xx
- canonical/dahuasecurity vth-542xh firmware
- canonical/dahuasecurity vth-542xh
- canonical/dahuasecurity vto-65xxx firmware
- canonical/dahuasecurity vto-65xxx
- canonical/dahuasecurity vto-75x95x firmware
- canonical/dahuasecurity vto-75x95x
- canonical/dahuasecurity xvr-4x04 firmware
- canonical/dahuasecurity xvr-4x04
- canonical/dahuasecurity xvr-4x08 firmware
- canonical/dahuasecurity xvr-4x08
- canonical/dahuasecurity xvr-5x04 firmware
- canonical/dahuasecurity xvr-5x04
- canonical/dahuasecurity xvr-5x08 firmware
- canonical/dahuasecurity xvr-5x08
- canonical/dahuasecurity xvr-5x16 firmware
- canonical/dahuasecurity xvr-5x16
- canonical/dahuasecurity xvr-7x16 firmware
- canonical/dahuasecurity xvr-7x16
- canonical/dahuasecurity xvr-7x32 firmware
- canonical/dahuasecurity xvr-7x32
- vendor/dahua
- canonical/dahua ip camera firmware