CVE-2021-33044
CVE-2021-33044
In short
Attackers can bypass the login authentication on some Dahua devices by sending specially crafted data packets, gaining unauthorized access without needing valid credentials.
Technical detail
An authentication bypass vulnerability in Dahua products allows remote attackers to circumvent identity verification during the login process through malformed packet construction, resulting in unauthorized access to device administration functions without pre-existing credentials.
Summary generated and translated by AI from the official description.
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · Some Dahua IP Camera, Video Intercom, PTZ Dome Camera, Thermal Camera devicespublic PoCs found — 8
githubgithub.com/bp2008/DahuaLoginBypass★ 188githubgithub.com/umair-aziz025/dahua-cve-research★ 19githubgithub.com/Bd-Mutant7/DahuaLoginBypass★ 4githubgithub.com/Spy0x7/CVE-2021-33044★ 3githubgithub.com/haingn/LoHongCam-CVE-2021-33044★ 3githubgithub.com/eagle-nett/DAHUA_AUTH-BYPASS-CVE-2021-33044★ 1githubgithub.com/Baza-NATO/CVE-2021-33044★ 0cve_referencepacketstormsecurity.com/files/164423/Dahua-Authentication-Bypass.htmlunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →