Lucene search

[email protected]NVD:CVE-2021-33044

HistorySep 15, 2021 - 10:15 p.m.

CVE-2021-33044

2021-09-1522:15:10

CWE-287

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.226 Low

EPSS

Percentile

96.5%

JSON

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

Affected configurations

NVD

Node

dahuasecurityipc-hum7xxx_firmwareRange<2.820.0000000.5.r.210705

AND

dahuasecurityipc-hum7xxxMatch-

Node

dahuasecurityipc-hx3xxx_firmwareRange<2.800.0000000.29.r.210630

AND

dahuasecurityipc-hx3xxxMatch-

Node

dahuasecurityipc-hx5xxx_firmwareRange<2.820.0000000.18.r.210705

AND

dahuasecurityipc-hx5xxxMatch-

Node

dahuasecuritysd1a1_firmwareRange<2.812.0000007.0.r.210706

AND

dahuasecuritysd1a1Match-

Node

dahuasecuritysd22_firmwareRange<2.812.0000007.0.r.210706

AND

dahuasecuritysd22Match-

Node

dahuasecuritysd41_firmwareRange<2.812.0000007.0.r.210706

AND

dahuasecuritysd41Match-

Node

dahuasecuritysd50_firmwareRange<2.812.0000007.0.r.210706

AND

dahuasecuritysd50Match-

Node

dahuasecuritysd52c_firmwareRange<2.812.0000007.0.r.210706

AND

dahuasecuritysd52cMatch-

Node

dahuasecuritysd6al_firmwareRange<2.812.0000007.0.r.210706

AND

dahuasecuritysd6alMatch-

Node

dahuasecuritytpc-bf1241_firmwareRange<2.630.0000000.6.r.210707

AND

dahuasecuritytpc-bf1241Match-

Node

dahuasecuritytpc-bf2221_firmwareRange<2.630.0000000.10.r.210707

AND

dahuasecuritytpc-bf2221Match-

Node

dahuasecuritytpc-bf5x01_firmwareRange<2.630.0000000.12.r.210707

AND

dahuasecuritytpc-bf5x01Match-

Node

dahuasecuritytpc-pt8x21b_firmwareRange<2.630.0000000.10.r.210701

AND

dahuasecuritytpc-pt8x21bMatch-

Node

dahuasecuritytpc-sd2221_firmwareRange≤2.630.0000000.7.r.210707

AND

dahuasecuritytpc-sd2221Match-

Node

dahuasecuritytpc-sd8x21_firmwareRange<2.630.0000000.9.r.210706

AND

dahuasecuritytpc-sd8x21Match-

Node

dahuasecurityvto-65xxx_firmwareRange<4.300.0000004.0.r.210715

AND

dahuasecurityvto-65xxxMatch-

Node

dahuasecurityvto-75x95x_firmwareRange<4.300.0000003.0.r.210714

AND

dahuasecurityvto-75x95xMatch-

Node

dahuasecurityvth-542xh_firmwareRange<4.500.0000002.0.r.210715

AND

dahuasecurityvth-542xhMatch-

Node

dahuasecuritytpc-bf5x21_firmwareRange<2.630.0000000.8.r.210630

AND

dahuasecuritytpc-bf5x21Match-

References

packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html

seclists.org/fulldisclosure/2021/Oct/13

www.dahuasecurity.com/support/cybersecurity/details/957

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.226 Low

EPSS

Percentile

96.5%

JSON

Related for NVD:CVE-2021-33044

nuclei1 jvn1 githubexploit2 cnvd2 prion1 cve1 cvelist1 openvas1 packetstorm1 zdt1