TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2021-33045

CRITICALCISA KEV
9.8

Beschreibung

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

CVE Details

CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht9/15/2021
Zuletzt geandert1/13/2026
Quellekev
Honeypot-Sichtungen0

CISA KEV

HerstellerDahua
ProduktIP Camera Firmware
SchwachstellennameDahua IP Camera Authentication Bypass Vulnerability
KEV Aufnahmedatum2024-08-21
Behebungsfrist2024-09-11
Ransomware-NutzungUnknown

Betroffene Produkte

dahuasecurity:ipc-hum7xxxdahuasecurity:ipc-hum7xxx_firmwaredahuasecurity:ipc-hx3xxxdahuasecurity:ipc-hx3xxx_firmwaredahuasecurity:ipc-hx5xxxdahuasecurity:ipc-hx5xxx_firmwaredahuasecurity:nvr-1xxxdahuasecurity:nvr-1xxx_firmwaredahuasecurity:nvr-2xxxdahuasecurity:nvr-2xxx_firmwaredahuasecurity:nvr-4xxxdahuasecurity:nvr-4xxx_firmwaredahuasecurity:nvr-5xxxdahuasecurity:nvr-5xxx_firmwaredahuasecurity:nvr-6xxdahuasecurity:nvr-6xx_firmwaredahuasecurity:vth-542xhdahuasecurity:vth-542xh_firmwaredahuasecurity:vto-65xxxdahuasecurity:vto-65xxx_firmwaredahuasecurity:vto-75x95xdahuasecurity:vto-75x95x_firmwaredahuasecurity:xvr-4x04dahuasecurity:xvr-4x04_firmwaredahuasecurity:xvr-4x08dahuasecurity:xvr-4x08_firmwaredahuasecurity:xvr-5x04dahuasecurity:xvr-5x04_firmwaredahuasecurity:xvr-5x08dahuasecurity:xvr-5x08_firmwaredahuasecurity:xvr-5x16dahuasecurity:xvr-5x16_firmwaredahuasecurity:xvr-7x16dahuasecurity:xvr-7x16_firmwaredahuasecurity:xvr-7x32dahuasecurity:xvr-7x32_firmware

Schwachen (CWE)

CWE-287CWE-287

Referenzen

http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html(cybersecurity@dahuatech.com)
http://seclists.org/fulldisclosure/2021/Oct/13(cybersecurity@dahuatech.com)
https://www.dahuasecurity.com/support/cybersecurity/details/957(cybersecurity@dahuatech.com)
http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2021/Oct/13(af854a3a-2127-422b-91ae-364da2661108)
https://www.dahuasecurity.com/support/cybersecurity/details/957(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-33045(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.