← back
CVE-2021-33045

CVE-2021-33045

CVSS 9.8 CRITICALEPSS 99.6%● KEVCWE-287
In short

Dahua devices have a critical flaw in their login process that allows attackers to bypass authentication by sending specially crafted data packets, potentially gaining unauthorized access to the device.

Technical detail

An authentication bypass vulnerability exists in Dahua product login mechanisms (CWE-287) where improper identity verification allows attackers to craft malicious packets to circumvent authentication checks without valid credentials. The remote, unauthenticated attack vector enables full device compromise with no user interaction required.

Summary generated and translated by AI from the official description.
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · Some Dahua IP Camera, Video Intercom, NVR, XVR devices
public PoCs found2
githubgithub.com/dongpohezui/cve-2021-330458cve_referencepacketstormsecurity.com/files/164423/Dahua-Authentication-Bypass.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.htmlhttp://seclists.org/fulldisclosure/2021/Oct/13https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-33045https://www.dahuasecurity.com/support/cybersecurity/details/957