CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2021-33045

CVSS 9.8v3.1pub. 2021-09-15upd. 2026-01-13

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Dahuasecurity Ipc Hum7xxx

    HW
    Dahuasecurity
    wszystkie wersje
  • Dahuasecurity Ipc Hum7xxx Firmware

    OS
    Dahuasecurity
    < 2.820.0000000.5.r.210705
  • Dahuasecurity Ipc Hx3xxx

    HW
    Dahuasecurity
    wszystkie wersje
  • Dahuasecurity Ipc Hx3xxx Firmware

    OS
    Dahuasecurity
    < 2.800.0000000.29.r.210630
  • Dahuasecurity Ipc Hx5xxx

    HW
    Dahuasecurity
    wszystkie wersje
  • Dahuasecurity Ipc Hx5xxx Firmware

    OS
    Dahuasecurity
    < 2.820.0000000.5.r.210705
  • Dahuasecurity Nvr 1xxx

    HW
    Dahuasecurity
    wszystkie wersje
  • Dahuasecurity Nvr 1xxx Firmware

    OS
    Dahuasecurity
    < 4.001.0000005.1.r.210709
  • Dahuasecurity Nvr 2xxx

    HW
    Dahuasecurity
    wszystkie wersje
  • Dahuasecurity Nvr 2xxx Firmware

    OS
    Dahuasecurity
    < 4.001.0000000.1.r.210710
  • Dahuasecurity Nvr 4xxx

    HW
    Dahuasecurity
    wszystkie wersje
  • Dahuasecurity Nvr 4xxx Firmware

    OS
    Dahuasecurity
    < 4.001.0000005.1.r.210713
  • Dahuasecurity Nvr 5xxx

    HW
    Dahuasecurity
    wszystkie wersje
  • Dahuasecurity Nvr 5xxx Firmware

    OS
    Dahuasecurity
    < 4.001.0000000.0.r.210710
  • Dahuasecurity Nvr 6xx

    HW
    Dahuasecurity
    wszystkie wersje
  • Dahuasecurity Nvr 6xx Firmware

    OS
    Dahuasecurity
    < 4.001.0000001.1.r.210716
  • Dahuasecurity Vth 542xh

    HW
    Dahuasecurity
    wszystkie wersje
  • Dahuasecurity Vth 542xh Firmware

    OS
    Dahuasecurity
    < 4.500.0000002.0.r.210715
  • Dahuasecurity Vto 65xxx

    HW
    Dahuasecurity
    wszystkie wersje
  • Dahuasecurity Vto 65xxx Firmware

    OS
    Dahuasecurity
    < 4.300.0000004.0.r.210715
  • Dahuasecurity Vto 75x95x

    HW
    Dahuasecurity
    wszystkie wersje
  • Dahuasecurity Vto 75x95x Firmware

    OS
    Dahuasecurity
    < 4.300.0000003.0.r.210714
  • Dahuasecurity Xvr 4x04

    HW
    Dahuasecurity
    wszystkie wersje
  • Dahuasecurity Xvr 4x04 Firmware

    OS
    Dahuasecurity
    < 4.001.0000001.1.r.210709
  • Dahuasecurity Xvr 4x08

    HW
    Dahuasecurity
    wszystkie wersje
  • Dahuasecurity Xvr 4x08 Firmware

    OS
    Dahuasecurity
    < 4.001.0000001.1.r.210709
  • Dahuasecurity Xvr 5x04

    HW
    Dahuasecurity
    wszystkie wersje
  • Dahuasecurity Xvr 5x04 Firmware

    OS
    Dahuasecurity
    < 4.001.0000003.1.r.210710
  • Dahuasecurity Xvr 5x08

    HW
    Dahuasecurity
    wszystkie wersje
  • Dahuasecurity Xvr 5x08 Firmware

    OS
    Dahuasecurity
    < 4.001.0000003.1.r.210710

CISA KEV — detailsi

Vendori
Dahua
Producti
IP Camera Firmware
Added to KEVi
August 21, 2024
Remediation deadline (US Federal)i
September 11, 2024(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 11 września 2024
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2021-33044CRITICAL9.8⚠ KEVten sam produkt

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attack...

CVE-2021-33046CRITICAL9.8ten sam produkt

Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit thi...

CVE-2020-9502CRITICAL9.8ten sam vendor

Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During n...

CVE-2019-9677CRITICAL9.8ten sam vendor

The specific fields of CGI interface of some Dahua products are not strictly verified, an attacker can cause a...

CVE-2017-3223CRITICAL9.8ten sam vendor

Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the S...