Vulnerabilites related to dahuasecurity - nvr5xxx_firmware
Vulnerability from fkie_nvd
Published
2022-01-13 21:15
Modified
2024-11-21 06:08
Severity ?
Summary
Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.
Impacted products
Vendor Product Version
dahuasecurity ipc-hx1xxx_firmware *
dahuasecurity ipc-hx1xxx -
dahuasecurity ipc-hx2xxx_firmware *
dahuasecurity ipc-hx2xxx -
dahuasecurity ipc-hx3xxx_firmware *
dahuasecurity ipc-hx3xxx -
dahuasecurity ipc-hx5\(4\)\(3\)xxx_firmware *
dahuasecurity ipc-hx5\(4\)\(3\)xxx -
dahuasecurity ipc-hx5xxx_firmware *
dahuasecurity ipc-hx5xxx -
dahuasecurity sd1a1_firmware *
dahuasecurity sd1a1 -
dahuasecurity sd22_firmware *
dahuasecurity sd22 -
dahuasecurity sd49_firmware *
dahuasecurity sd49 -
dahuasecurity sd50_firmware *
dahuasecurity sd50 -
dahuasecurity sd52c_firmware *
dahuasecurity sd52c -
dahuasecurity sd6al_firmware *
dahuasecurity sd6al -
dahuasecurity tpc-bf1241_firmware *
dahuasecurity tpc-bf1241 -
dahuasecurity tpc-bf2221_firmware *
dahuasecurity tpc-bf2221 -
dahuasecurity tpc-bf5x01_firmware *
dahuasecurity tpc-bf5x01 -
dahuasecurity tpc-pt8x21x_firmware *
dahuasecurity tpc-pt8x21x -
dahuasecurity tpc-sd2221_firmware *
dahuasecurity tpc-sd2221 -
dahuasecurity tpc-sd8x21_firmware *
dahuasecurity tpc-sd8x21 -
dahuasecurity nvr1xxx_firmware *
dahuasecurity nvr1xxx -
dahuasecurity nvr2xxx_firmware *
dahuasecurity nvr2xxx -
dahuasecurity nvr4xxx_firmware *
dahuasecurity nvr4xxx -
dahuasecurity nvr5xxx_firmware *
dahuasecurity nvr5xxx -
dahuasecurity xvr4xxx_firmware *
dahuasecurity xvr4xxx -
dahuasecurity xvr5xxx_firmware *
dahuasecurity xvr5xxx -
dahuasecurity xvr7xxx_firmware *
dahuasecurity xvr7xxx -
dahuasecurity hcvr7xxx_firmware *
dahuasecurity hcvr7xxx -
dahuasecurity hcvr8xxx_firmware *
dahuasecurity hcvr8xxx -
dahuasecurity vtox20xf_firmware *
dahuasecurity vtox20xf -
dahuasecurity asc2204c_firmware *
dahuasecurity asc2204c -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx1xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BB15A66-CCC4-4CA8-AF25-D8D9A81BE796",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx1xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BC27C4B9-35AA-4CD1-8E30-97D79CA76B30",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB50E813-E761-4575-B670-4C7F812952CB",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx2xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5B8887C8-C335-4EBB-BC7F-D4F8D8205DAE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4EC72741-163E-4659-B3F4-D161925F3DE6",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "8936A118-4AB5-4B09-A9FD-E624A68315BD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx5\\(4\\)\\(3\\)xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "40C35319-8C5A-461C-AB41-989B63EF19CB",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx5\\(4\\)\\(3\\)xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F079822C-4C64-41E3-9A17-F9A56D5B5E91",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9AA70CB5-B4C0-48D3-ACE8-FF846083BB70",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2838BDA-97FF-498E-BC81-955D31B9227A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd1a1_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4C3A6AD-19F7-4325-89B4-944B8393C739",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd1a1:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "88AD58DE-D990-4C98-853B-21B79CD07EEC",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd22_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0ECB8CCE-F925-437B-8B6E-4690B92D4F80",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd22:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "428852DE-BDE3-4CE4-972C-821E88C7F930",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd49_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "31D5F604-135F-4F17-8093-EE8AEA0408AF",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd49:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "627C0AE8-01B2-4807-8284-EFE6140598B5",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8EBB0CC4-4B58-46A4-83FC-11744B2A145B",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "984AD4D5-D689-4150-A1EE-D48B81CBB7C8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DFAF598-BDBD-4351-A72A-136F606AD8D5",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5BA0D206-5BE7-4592-8D3E-641F47164770",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F61D99F5-DE6B-445F-93B6-ECC2DFC41122",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C35F4371-334B-4EA8-8F48-498C81652F7C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:tpc-bf1241_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC6412DA-4BC4-4326-91DF-7F26572CEFA4",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:tpc-bf1241:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "73B58CBF-EB67-4F02-BBAE-FFC329B8873C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:tpc-bf2221_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A7D5E183-2F9C-4B81-AC1E-B7C3420594C2",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:tpc-bf2221:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E314BF6-76B4-4ADB-B555-7DAF92F60485",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:tpc-bf5x01_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D95CC99-5249-4F67-B318-11F68CD42BBA",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:tpc-bf5x01:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7EA0704-EC7A-457A-9AC1-A39B07229DFE",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:tpc-pt8x21x_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A231CFA-4CBB-4B0B-AC9D-3BAAA1B0A78B",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:tpc-pt8x21x:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "296AE38D-36C0-430F-BFB2-9FB2B5087C83",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:tpc-sd2221_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "63FB807B-14F6-4D09-BF06-039BDD7C6F19",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:tpc-sd2221:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "D166CD0E-92CC-44FA-A520-FFFEBE2D7D50",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:tpc-sd8x21_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A29734EC-0A1D-40F4-9A77-59D64A552975",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:tpc-sd8x21:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "75A88A53-91D8-4019-95EB-F6FEFF469F9A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:nvr1xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA1B61BC-4D6E-4AFA-8F43-CEB88E8084FB",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:nvr1xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E209BDB-4D44-4ABB-A5EC-0EC46C6EFE48",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:nvr2xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "84EA30CA-F1CD-4FC6-A2DC-5DED62E85583",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:nvr2xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6B0F1A0B-4C7A-4763-BACC-A4D277F7DA6A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:nvr4xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E87CB4D6-9237-4D20-B494-DEABA7836BC6",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:nvr4xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "994D8768-F93B-4AE0-A2DD-11A24C14882E",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:nvr5xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C19D24F8-1FF6-4B80-B9A6-6C6E0174EC71",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:nvr5xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA773F1A-D8CB-4B86-AEF6-7EBFC8A638B8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:xvr4xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E215F5B8-A229-4EC1-B029-05DE9B14CA55",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:xvr4xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "21BCC22E-3CBD-48E9-A92F-B1478B12D047",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:xvr5xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E3564DD5-7C1B-4DF2-BB44-B9A58BBA7E4A",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:xvr5xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "84B3EDC6-6D9F-4B3D-A155-CD82D330CC3F",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:xvr7xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFE5E8C5-A7D2-4962-BBB0-8507F41B35B8",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:xvr7xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "036DF596-F7AE-48FC-A862-2F5267B4B5C8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:hcvr7xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F49454AC-EB35-41A5-9CC8-3116C02B447E",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:hcvr7xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF15D7BC-70E1-43E3-B54E-9848F67E9AE2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:hcvr8xxx_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E9EFA83B-4DC1-4936-BDCA-0A3846201F6F",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:hcvr8xxx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7DF9BAE-3446-438B-BD14-0E450815CFEF",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:vtox20xf_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADE8A4D8-1D43-4241-B723-FAD1A8804688",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:vtox20xf:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A17A30F-F376-4438-A331-372DC1AA4073",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:dahuasecurity:asc2204c_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8EEB9746-4F02-4125-9022-C7D995B8C1B5",
                     versionEndIncluding: "2021-7",
                     versionStartIncluding: "2017-7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:dahuasecurity:asc2204c:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "421A373F-AC77-4CAF-BE0F-D53F4E29D520",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.",
      },
      {
         lang: "es",
         value: "Algunos productos Dahua presentan una vulnerabilidad de control de acceso en el proceso de restablecimiento de la contraseña. Los atacantes pueden explotar esta vulnerabilidad mediante implementaciones específicas para restablecer las contraseñas de los dispositivos",
      },
   ],
   id: "CVE-2021-33046",
   lastModified: "2024-11-21T06:08:11.233",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-01-13T21:15:07.753",
   references: [
      {
         source: "cybersecurity@dahuatech.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.dahuatech.com/networkSecurity/securityDetails?id=95",
      },
      {
         source: "cybersecurity@dahuatech.com",
         tags: [
            "Not Applicable",
         ],
         url: "https://www.dahuasecurity.com/support/cybersecurity/details/957",
      },
      {
         source: "cybersecurity@dahuatech.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.dahuasecurity.com/support/cybersecurity/details/987",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.dahuatech.com/networkSecurity/securityDetails?id=95",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Not Applicable",
         ],
         url: "https://www.dahuasecurity.com/support/cybersecurity/details/957",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.dahuasecurity.com/support/cybersecurity/details/987",
      },
   ],
   sourceIdentifier: "cybersecurity@dahuatech.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2021-33046
Vulnerability from cvelistv5
Published
2022-01-13 20:27
Modified
2024-08-03 23:42
Severity ?
Summary
Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.
Impacted products
Vendor Product Version
n/a Access control vulnerability found in some Dahua products Version: Dahua IP Camera devices IPC-HX3XXX, and IPC-HX5XXX
Version: PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6AL
Version: Thermal TPC-BF1241,TPC-BF2221, TPC-SD2221
Version: VTO2101E, VTOX221E, and ASC2204C devices Buildtime between 2017/7 ~ 2021/7. NVR devices NVR4XXX, and NVR5XXX
Version: XVR devices XVR4XXX, and XVR5XXX
Version: HCVR devices HCVR7XXX, and HCVR8XXX devices Buildtime between 2017/1 ~ 2021/7.
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T23:42:19.550Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.dahuasecurity.com/support/cybersecurity/details/957",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.dahuasecurity.com/support/cybersecurity/details/987",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.dahuatech.com/networkSecurity/securityDetails?id=95",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Access control vulnerability found in some Dahua products",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Dahua IP Camera devices IPC-HX3XXX, and IPC-HX5XXX",
                  },
                  {
                     status: "affected",
                     version: "PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6AL",
                  },
                  {
                     status: "affected",
                     version: "Thermal TPC-BF1241,TPC-BF2221, TPC-SD2221",
                  },
                  {
                     status: "affected",
                     version: "VTO2101E, VTOX221E, and ASC2204C devices Buildtime between 2017/7 ~ 2021/7.  NVR devices NVR4XXX, and NVR5XXX",
                  },
                  {
                     status: "affected",
                     version: "XVR devices XVR4XXX, and XVR5XXX",
                  },
                  {
                     status: "affected",
                     version: "HCVR devices HCVR7XXX, and HCVR8XXX devices Buildtime between 2017/1 ~ 2021/7.",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Access control",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-01-14T18:49:15",
            orgId: "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            shortName: "dahua",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.dahuasecurity.com/support/cybersecurity/details/957",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.dahuasecurity.com/support/cybersecurity/details/987",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.dahuatech.com/networkSecurity/securityDetails?id=95",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cybersecurity@dahuatech.com",
               ID: "CVE-2021-33046",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Access control vulnerability found in some Dahua products",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Dahua IP Camera devices IPC-HX3XXX, and IPC-HX5XXX",
                                       },
                                       {
                                          version_value: "PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6AL",
                                       },
                                       {
                                          version_value: "Thermal TPC-BF1241,TPC-BF2221, TPC-SD2221",
                                       },
                                       {
                                          version_value: "VTO2101E, VTOX221E, and ASC2204C devices Buildtime between 2017/7 ~ 2021/7.  NVR devices NVR4XXX, and NVR5XXX",
                                       },
                                       {
                                          version_value: "XVR devices XVR4XXX, and XVR5XXX",
                                       },
                                       {
                                          version_value: "HCVR devices HCVR7XXX, and HCVR8XXX devices Buildtime between 2017/1 ~ 2021/7.",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Access control",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.dahuasecurity.com/support/cybersecurity/details/957",
                     refsource: "MISC",
                     url: "https://www.dahuasecurity.com/support/cybersecurity/details/957",
                  },
                  {
                     name: "https://www.dahuasecurity.com/support/cybersecurity/details/987",
                     refsource: "CONFIRM",
                     url: "https://www.dahuasecurity.com/support/cybersecurity/details/987",
                  },
                  {
                     name: "https://support.dahuatech.com/networkSecurity/securityDetails?id=95",
                     refsource: "CONFIRM",
                     url: "https://support.dahuatech.com/networkSecurity/securityDetails?id=95",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
      assignerShortName: "dahua",
      cveId: "CVE-2021-33046",
      datePublished: "2022-01-13T20:27:13",
      dateReserved: "2021-05-17T00:00:00",
      dateUpdated: "2024-08-03T23:42:19.550Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}