CVE-2021-33044

National Vulnerability Database Information

Descrizione: The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

Base Score CVSS: 9.8 (v3.1)

Il **Base Score CVSS** è un punteggio da **0 a 10** che rappresenta la gravità intrinseca di una vulnerabilità. Un punteggio più alto indica una gravità maggiore.

Riferimenti NVD

• http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html
• http://seclists.org/fulldisclosure/2021/Oct/13
• https://www.dahuasecurity.com/support/cybersecurity/details/957
• http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html
• http://seclists.org/fulldisclosure/2021/Oct/13
• https://www.dahuasecurity.com/support/cybersecurity/details/957

Exploit PoC da GitHub

• bp2008/DahuaLoginBypass: Chrome extension that uses vulnerabilities CVE-2021-33044 and CVE-2021-33045 to log in to Dahua cameras without authentication.
• Spy0x7/CVE-2021-33044: Dahua IPC/VTH/VTO devices auth bypass exploit
• jorhelp/Ingram: 网络摄像头漏洞扫描工具 | Webcam vulnerability scanning tool
• haingn/LoHongCam-CVE-2021-33044:
• Alonzozzz/alonzzzo: Changelog CVE-2021-33044,CVE-2021-33045 Identity authentication bypass vulnerability found in some Dahua products CVE-2021-27248,CVE-2021-27249,CVE-2021-27250,CVE-2021-34860,CVE-2021-34861,CVE-2021-34862,CVE-2021-34863 Multiple vulnerabilities in DAP-2020 H/W rev. Ax with F/W v1.01 and below HTTP Path Traversal CVE-2019-7406 RCE vulnerability in TP-Link Wi-Fi Extenders via a malformed user agent field in HTTP headers CVE-2020-2501,CVE-2021-28797 Stack Buffer Overflow in QNAP Surveillance Station CVE-2021-34730 Critical UPnP Service Flaw on Cisco Small Business RV Series Routers CVE-2020-35785 Multiple HTTP authentication vulnerabilities on DGN2200v1