Vulnerabilites related to dahuasecurity - hcvr8xxx
Vulnerability from fkie_nvd
Published
2022-01-13 21:15
Modified
2024-11-21 06:08
Severity ?
Summary
Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hx1xxx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB15A66-CCC4-4CA8-AF25-D8D9A81BE796",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hx1xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC27C4B9-35AA-4CD1-8E30-97D79CA76B30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB50E813-E761-4575-B670-4C7F812952CB",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hx2xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8887C8-C335-4EBB-BC7F-D4F8D8205DAE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4EC72741-163E-4659-B3F4-D161925F3DE6",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8936A118-4AB5-4B09-A9FD-E624A68315BD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hx5\\(4\\)\\(3\\)xxx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40C35319-8C5A-461C-AB41-989B63EF19CB",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hx5\\(4\\)\\(3\\)xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F079822C-4C64-41E3-9A17-F9A56D5B5E91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AA70CB5-B4C0-48D3-ACE8-FF846083BB70",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2838BDA-97FF-498E-BC81-955D31B9227A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:sd1a1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C3A6AD-19F7-4325-89B4-944B8393C739",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:sd1a1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88AD58DE-D990-4C98-853B-21B79CD07EEC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:sd22_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0ECB8CCE-F925-437B-8B6E-4690B92D4F80",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:sd22:-:*:*:*:*:*:*:*",
"matchCriteriaId": "428852DE-BDE3-4CE4-972C-821E88C7F930",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:sd49_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31D5F604-135F-4F17-8093-EE8AEA0408AF",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:sd49:-:*:*:*:*:*:*:*",
"matchCriteriaId": "627C0AE8-01B2-4807-8284-EFE6140598B5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EBB0CC4-4B58-46A4-83FC-11744B2A145B",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "984AD4D5-D689-4150-A1EE-D48B81CBB7C8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DFAF598-BDBD-4351-A72A-136F606AD8D5",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA0D206-5BE7-4592-8D3E-641F47164770",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F61D99F5-DE6B-445F-93B6-ECC2DFC41122",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C35F4371-334B-4EA8-8F48-498C81652F7C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:tpc-bf1241_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC6412DA-4BC4-4326-91DF-7F26572CEFA4",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:tpc-bf1241:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73B58CBF-EB67-4F02-BBAE-FFC329B8873C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:tpc-bf2221_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D5E183-2F9C-4B81-AC1E-B7C3420594C2",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:tpc-bf2221:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E314BF6-76B4-4ADB-B555-7DAF92F60485",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:tpc-bf5x01_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D95CC99-5249-4F67-B318-11F68CD42BBA",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:tpc-bf5x01:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EA0704-EC7A-457A-9AC1-A39B07229DFE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:tpc-pt8x21x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A231CFA-4CBB-4B0B-AC9D-3BAAA1B0A78B",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:tpc-pt8x21x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "296AE38D-36C0-430F-BFB2-9FB2B5087C83",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:tpc-sd2221_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63FB807B-14F6-4D09-BF06-039BDD7C6F19",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:tpc-sd2221:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D166CD0E-92CC-44FA-A520-FFFEBE2D7D50",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:tpc-sd8x21_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A29734EC-0A1D-40F4-9A77-59D64A552975",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:tpc-sd8x21:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75A88A53-91D8-4019-95EB-F6FEFF469F9A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:nvr1xxx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA1B61BC-4D6E-4AFA-8F43-CEB88E8084FB",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:nvr1xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E209BDB-4D44-4ABB-A5EC-0EC46C6EFE48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:nvr2xxx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84EA30CA-F1CD-4FC6-A2DC-5DED62E85583",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:nvr2xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0F1A0B-4C7A-4763-BACC-A4D277F7DA6A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:nvr4xxx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E87CB4D6-9237-4D20-B494-DEABA7836BC6",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:nvr4xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "994D8768-F93B-4AE0-A2DD-11A24C14882E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:nvr5xxx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C19D24F8-1FF6-4B80-B9A6-6C6E0174EC71",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:nvr5xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DA773F1A-D8CB-4B86-AEF6-7EBFC8A638B8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:xvr4xxx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E215F5B8-A229-4EC1-B029-05DE9B14CA55",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:xvr4xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "21BCC22E-3CBD-48E9-A92F-B1478B12D047",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:xvr5xxx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3564DD5-7C1B-4DF2-BB44-B9A58BBA7E4A",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:xvr5xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84B3EDC6-6D9F-4B3D-A155-CD82D330CC3F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:xvr7xxx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFE5E8C5-A7D2-4962-BBB0-8507F41B35B8",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:xvr7xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "036DF596-F7AE-48FC-A862-2F5267B4B5C8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:hcvr7xxx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F49454AC-EB35-41A5-9CC8-3116C02B447E",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:hcvr7xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF15D7BC-70E1-43E3-B54E-9848F67E9AE2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:hcvr8xxx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9EFA83B-4DC1-4936-BDCA-0A3846201F6F",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:hcvr8xxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7DF9BAE-3446-438B-BD14-0E450815CFEF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:vtox20xf_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE8A4D8-1D43-4241-B723-FAD1A8804688",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:vtox20xf:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A17A30F-F376-4438-A331-372DC1AA4073",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dahuasecurity:asc2204c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EEB9746-4F02-4125-9022-C7D995B8C1B5",
"versionEndIncluding": "2021-7",
"versionStartIncluding": "2017-7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dahuasecurity:asc2204c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "421A373F-AC77-4CAF-BE0F-D53F4E29D520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords."
},
{
"lang": "es",
"value": "Algunos productos Dahua presentan una vulnerabilidad de control de acceso en el proceso de restablecimiento de la contrase\u00f1a. Los atacantes pueden explotar esta vulnerabilidad mediante implementaciones espec\u00edficas para restablecer las contrase\u00f1as de los dispositivos"
}
],
"id": "CVE-2021-33046",
"lastModified": "2024-11-21T06:08:11.233",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-13T21:15:07.753",
"references": [
{
"source": "cybersecurity@dahuatech.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.dahuatech.com/networkSecurity/securityDetails?id=95"
},
{
"source": "cybersecurity@dahuatech.com",
"tags": [
"Not Applicable"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
},
{
"source": "cybersecurity@dahuatech.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/987"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.dahuatech.com/networkSecurity/securityDetails?id=95"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/987"
}
],
"sourceIdentifier": "cybersecurity@dahuatech.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2021-33046
Vulnerability from cvelistv5
Published
2022-01-13 20:27
Modified
2024-08-03 23:42
Severity ?
EPSS score ?
Summary
Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dahuasecurity.com/support/cybersecurity/details/957 | x_refsource_MISC | |
| https://www.dahuasecurity.com/support/cybersecurity/details/987 | x_refsource_CONFIRM | |
| https://support.dahuatech.com/networkSecurity/securityDetails?id=95 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Access control vulnerability found in some Dahua products |
Version: Dahua IP Camera devices IPC-HX3XXX, and IPC-HX5XXX Version: PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6AL Version: Thermal TPC-BF1241,TPC-BF2221, TPC-SD2221 Version: VTO2101E, VTOX221E, and ASC2204C devices Buildtime between 2017/7 ~ 2021/7. NVR devices NVR4XXX, and NVR5XXX Version: XVR devices XVR4XXX, and XVR5XXX Version: HCVR devices HCVR7XXX, and HCVR8XXX devices Buildtime between 2017/1 ~ 2021/7. |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:42:19.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/987"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.dahuatech.com/networkSecurity/securityDetails?id=95"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Access control vulnerability found in some Dahua products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Dahua IP Camera devices IPC-HX3XXX, and IPC-HX5XXX"
},
{
"status": "affected",
"version": "PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6AL"
},
{
"status": "affected",
"version": "Thermal TPC-BF1241,TPC-BF2221, TPC-SD2221"
},
{
"status": "affected",
"version": "VTO2101E, VTOX221E, and ASC2204C devices Buildtime between 2017/7 ~ 2021/7. NVR devices NVR4XXX, and NVR5XXX"
},
{
"status": "affected",
"version": "XVR devices XVR4XXX, and XVR5XXX"
},
{
"status": "affected",
"version": "HCVR devices HCVR7XXX, and HCVR8XXX devices Buildtime between 2017/1 ~ 2021/7."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Access control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-14T18:49:15",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/987"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.dahuatech.com/networkSecurity/securityDetails?id=95"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@dahuatech.com",
"ID": "CVE-2021-33046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Access control vulnerability found in some Dahua products",
"version": {
"version_data": [
{
"version_value": "Dahua IP Camera devices IPC-HX3XXX, and IPC-HX5XXX"
},
{
"version_value": "PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6AL"
},
{
"version_value": "Thermal TPC-BF1241,TPC-BF2221, TPC-SD2221"
},
{
"version_value": "VTO2101E, VTOX221E, and ASC2204C devices Buildtime between 2017/7 ~ 2021/7. NVR devices NVR4XXX, and NVR5XXX"
},
{
"version_value": "XVR devices XVR4XXX, and XVR5XXX"
},
{
"version_value": "HCVR devices HCVR7XXX, and HCVR8XXX devices Buildtime between 2017/1 ~ 2021/7."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Access control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dahuasecurity.com/support/cybersecurity/details/957",
"refsource": "MISC",
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
},
{
"name": "https://www.dahuasecurity.com/support/cybersecurity/details/987",
"refsource": "CONFIRM",
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/987"
},
{
"name": "https://support.dahuatech.com/networkSecurity/securityDetails?id=95",
"refsource": "CONFIRM",
"url": "https://support.dahuatech.com/networkSecurity/securityDetails?id=95"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2021-33046",
"datePublished": "2022-01-13T20:27:13",
"dateReserved": "2021-05-17T00:00:00",
"dateUpdated": "2024-08-03T23:42:19.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}