CVE-2021-33044: CVE-2021-33044

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-33044

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Dahua IPC 授权问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Dahua IPC是中国大华（Dahua）公司的大华的一系列工控机。 Dahua IPC存在安全漏洞，攻击者可利用该漏洞通过构造恶意数据包绕过设备身份验证

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	Some Dahua IP Camera, Video Intercom, PTZ Dome Camera, Thermal Camera devices	Dahua IP Camera devices IPC-HX3XXX, IPC-HX5XXX, and IPC-HUM7XXX, Video Intercom devices VTO75X95X, VTO65XXX, and VTH542XH, PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6AL, Thermal TPC-BF1241, TPC-BF2221, TPC-SD2221, TPC-BF5XXX, TPC-SD8X21, and T	-

II. Public POCs for CVE-2021-33044

#	POC Description	Source Link	Shenlong Link
1	Chrome extension that uses vulnerabilities CVE-2021-33044 and CVE-2021-33045 to log in to Dahua cameras without authentication.	https://github.com/bp2008/DahuaLoginBypass	POC Details
2	Dahua IPC/VTH/VTO devices auth bypass exploit	https://github.com/dorkerdevil/CVE-2021-33044	POC Details
3	None	https://github.com/haingn/LoHongCam-CVE-2021-33044	POC Details
4	Dahua IPC/VTH/VTO devices auth bypass exploit	https://github.com/Spy0x7/CVE-2021-33044	POC Details
5	Some Dahua products contain an authentication bypass during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-33044.yaml	POC Details
6	dahua-authentication-bypass	https://github.com/chaitin/xray-plugins/blob/main/poc/manual/dahua-cve-2021-33044-authentication-bypass.yml	POC Details
7	None	https://github.com/Baza-NATO/CVE-2021-33044	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-33044

Please Login to view more intelligence information

https://www.dahuasecurity.com/support/cybersecurity/details/957x_refsource_MISC
http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.htmlx_refsource_MISC
http://seclists.org/fulldisclosure/2021/Oct/13mailing-listx_refsource_FULLDISC
https://nvd.nist.gov/vuln/detail/CVE-2021-33044

IV. Related Vulnerabilities

Same vendor: n/a

V. Comments for CVE-2021-33044

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2021-33044

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-33044

III. Intelligence Information for CVE-2021-33044

IV. Related Vulnerabilities

V. Comments for CVE-2021-33044

Leave a comment