#VU96447 Improper Authentication in Dahua Technology products - CVE-2021-33045
Published: August 22, 2024 / Updated: August 23, 2024
Vulnerability identifier: #VU96447
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2021-33045
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
Dahua IPC-HX1XXX
Dahua IPC-HX2XXX
Dahua IPC-HX3XXX
Dahua IPC-HX5(4)(3)XXX
Dahua IPC-HX5XXX
Dahua IPC-HUM7XXX
Dahua IPC-HX8XXX
Dahua VTO75X95X
Dahua VTO65XXX
Dahua VTH542XH
Dahua NVR1XXX
Dahua NVR4XXX
Dahua NVR4x
Dahua NVR2XXX
Dahua NVR5XXX
Dahua NVR6XX
Dahua XVR5x16
Dahua XVR7x16
Dahua XVR5x08
Dahua XVR5x04
Dahua XVR7x32
Dahua XVR4x08
Dahua XVR4x04
Dahua IPC-HX1XXX
Dahua IPC-HX2XXX
Dahua IPC-HX3XXX
Dahua IPC-HX5(4)(3)XXX
Dahua IPC-HX5XXX
Dahua IPC-HUM7XXX
Dahua IPC-HX8XXX
Dahua VTO75X95X
Dahua VTO65XXX
Dahua VTH542XH
Dahua NVR1XXX
Dahua NVR4XXX
Dahua NVR4x
Dahua NVR2XXX
Dahua NVR5XXX
Dahua NVR6XX
Dahua XVR5x16
Dahua XVR7x16
Dahua XVR5x08
Dahua XVR5x04
Dahua XVR7x32
Dahua XVR4x08
Dahua XVR4x04
Software vendor:
Dahua Technology
Dahua Technology
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error when processing authentication requests. A remote attacker can bypass authentication process and gain unauthorized access to the device.Remediation
Install updates from vendor's website.