Vulnerability-Lookup - Search a vulnerability

All the vulnerabilites related to dahuasecurity - xvr4xxx_firmware

Vulnerability from fkie_nvd

Published

2022-01-13 21:15

Modified

2024-11-21 06:08

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.

References

URL	Tags
cybersecurity@dahuatech.com	https://support.dahuatech.com/networkSecurity/securityDetails?id=95	Vendor Advisory
cybersecurity@dahuatech.com	https://www.dahuasecurity.com/support/cybersecurity/details/957	Not Applicable
cybersecurity@dahuatech.com	https://www.dahuasecurity.com/support/cybersecurity/details/987	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.dahuatech.com/networkSecurity/securityDetails?id=95	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.dahuasecurity.com/support/cybersecurity/details/957	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	https://www.dahuasecurity.com/support/cybersecurity/details/987	Vendor Advisory

Impacted products

Vendor	Product	Version
dahuasecurity	ipc-hx1xxx_firmware	*
dahuasecurity	ipc-hx1xxx	-
dahuasecurity	ipc-hx2xxx_firmware	*
dahuasecurity	ipc-hx2xxx	-
dahuasecurity	ipc-hx3xxx_firmware	*
dahuasecurity	ipc-hx3xxx	-
dahuasecurity	ipc-hx5\(4\)\(3\)xxx_firmware	*
dahuasecurity	ipc-hx5\(4\)\(3\)xxx	-
dahuasecurity	ipc-hx5xxx_firmware	*
dahuasecurity	ipc-hx5xxx	-
dahuasecurity	sd1a1_firmware	*
dahuasecurity	sd1a1	-
dahuasecurity	sd22_firmware	*
dahuasecurity	sd22	-
dahuasecurity	sd49_firmware	*
dahuasecurity	sd49	-
dahuasecurity	sd50_firmware	*
dahuasecurity	sd50	-
dahuasecurity	sd52c_firmware	*
dahuasecurity	sd52c	-
dahuasecurity	sd6al_firmware	*
dahuasecurity	sd6al	-
dahuasecurity	tpc-bf1241_firmware	*
dahuasecurity	tpc-bf1241	-
dahuasecurity	tpc-bf2221_firmware	*
dahuasecurity	tpc-bf2221	-
dahuasecurity	tpc-bf5x01_firmware	*
dahuasecurity	tpc-bf5x01	-
dahuasecurity	tpc-pt8x21x_firmware	*
dahuasecurity	tpc-pt8x21x	-
dahuasecurity	tpc-sd2221_firmware	*
dahuasecurity	tpc-sd2221	-
dahuasecurity	tpc-sd8x21_firmware	*
dahuasecurity	tpc-sd8x21	-
dahuasecurity	nvr1xxx_firmware	*
dahuasecurity	nvr1xxx	-
dahuasecurity	nvr2xxx_firmware	*
dahuasecurity	nvr2xxx	-
dahuasecurity	nvr4xxx_firmware	*
dahuasecurity	nvr4xxx	-
dahuasecurity	nvr5xxx_firmware	*
dahuasecurity	nvr5xxx	-
dahuasecurity	xvr4xxx_firmware	*
dahuasecurity	xvr4xxx	-
dahuasecurity	xvr5xxx_firmware	*
dahuasecurity	xvr5xxx	-
dahuasecurity	xvr7xxx_firmware	*
dahuasecurity	xvr7xxx	-
dahuasecurity	hcvr7xxx_firmware	*
dahuasecurity	hcvr7xxx	-
dahuasecurity	hcvr8xxx_firmware	*
dahuasecurity	hcvr8xxx	-
dahuasecurity	vtox20xf_firmware	*
dahuasecurity	vtox20xf	-
dahuasecurity	asc2204c_firmware	*
dahuasecurity	asc2204c	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:ipc-hx1xxx_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BB15A66-CCC4-4CA8-AF25-D8D9A81BE796",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:ipc-hx1xxx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC27C4B9-35AA-4CD1-8E30-97D79CA76B30",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB50E813-E761-4575-B670-4C7F812952CB",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:ipc-hx2xxx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B8887C8-C335-4EBB-BC7F-D4F8D8205DAE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EC72741-163E-4659-B3F4-D161925F3DE6",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8936A118-4AB5-4B09-A9FD-E624A68315BD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:ipc-hx5\\(4\\)\\(3\\)xxx_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40C35319-8C5A-461C-AB41-989B63EF19CB",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:ipc-hx5\\(4\\)\\(3\\)xxx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F079822C-4C64-41E3-9A17-F9A56D5B5E91",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AA70CB5-B4C0-48D3-ACE8-FF846083BB70",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2838BDA-97FF-498E-BC81-955D31B9227A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:sd1a1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4C3A6AD-19F7-4325-89B4-944B8393C739",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:sd1a1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "88AD58DE-D990-4C98-853B-21B79CD07EEC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:sd22_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ECB8CCE-F925-437B-8B6E-4690B92D4F80",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:sd22:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "428852DE-BDE3-4CE4-972C-821E88C7F930",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:sd49_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31D5F604-135F-4F17-8093-EE8AEA0408AF",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:sd49:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "627C0AE8-01B2-4807-8284-EFE6140598B5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EBB0CC4-4B58-46A4-83FC-11744B2A145B",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "984AD4D5-D689-4150-A1EE-D48B81CBB7C8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DFAF598-BDBD-4351-A72A-136F606AD8D5",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA0D206-5BE7-4592-8D3E-641F47164770",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61D99F5-DE6B-445F-93B6-ECC2DFC41122",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C35F4371-334B-4EA8-8F48-498C81652F7C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:tpc-bf1241_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC6412DA-4BC4-4326-91DF-7F26572CEFA4",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:tpc-bf1241:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "73B58CBF-EB67-4F02-BBAE-FFC329B8873C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:tpc-bf2221_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7D5E183-2F9C-4B81-AC1E-B7C3420594C2",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:tpc-bf2221:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E314BF6-76B4-4ADB-B555-7DAF92F60485",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:tpc-bf5x01_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D95CC99-5249-4F67-B318-11F68CD42BBA",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:tpc-bf5x01:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7EA0704-EC7A-457A-9AC1-A39B07229DFE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:tpc-pt8x21x_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A231CFA-4CBB-4B0B-AC9D-3BAAA1B0A78B",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:tpc-pt8x21x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "296AE38D-36C0-430F-BFB2-9FB2B5087C83",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:tpc-sd2221_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63FB807B-14F6-4D09-BF06-039BDD7C6F19",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:tpc-sd2221:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D166CD0E-92CC-44FA-A520-FFFEBE2D7D50",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:tpc-sd8x21_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A29734EC-0A1D-40F4-9A77-59D64A552975",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:tpc-sd8x21:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "75A88A53-91D8-4019-95EB-F6FEFF469F9A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:nvr1xxx_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA1B61BC-4D6E-4AFA-8F43-CEB88E8084FB",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:nvr1xxx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E209BDB-4D44-4ABB-A5EC-0EC46C6EFE48",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:nvr2xxx_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "84EA30CA-F1CD-4FC6-A2DC-5DED62E85583",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:nvr2xxx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B0F1A0B-4C7A-4763-BACC-A4D277F7DA6A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:nvr4xxx_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E87CB4D6-9237-4D20-B494-DEABA7836BC6",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:nvr4xxx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "994D8768-F93B-4AE0-A2DD-11A24C14882E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:nvr5xxx_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C19D24F8-1FF6-4B80-B9A6-6C6E0174EC71",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:nvr5xxx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA773F1A-D8CB-4B86-AEF6-7EBFC8A638B8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:xvr4xxx_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E215F5B8-A229-4EC1-B029-05DE9B14CA55",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:xvr4xxx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21BCC22E-3CBD-48E9-A92F-B1478B12D047",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:xvr5xxx_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3564DD5-7C1B-4DF2-BB44-B9A58BBA7E4A",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:xvr5xxx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "84B3EDC6-6D9F-4B3D-A155-CD82D330CC3F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:xvr7xxx_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFE5E8C5-A7D2-4962-BBB0-8507F41B35B8",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:xvr7xxx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "036DF596-F7AE-48FC-A862-2F5267B4B5C8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:hcvr7xxx_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F49454AC-EB35-41A5-9CC8-3116C02B447E",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:hcvr7xxx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF15D7BC-70E1-43E3-B54E-9848F67E9AE2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:hcvr8xxx_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9EFA83B-4DC1-4936-BDCA-0A3846201F6F",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:hcvr8xxx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7DF9BAE-3446-438B-BD14-0E450815CFEF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:vtox20xf_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADE8A4D8-1D43-4241-B723-FAD1A8804688",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:vtox20xf:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A17A30F-F376-4438-A331-372DC1AA4073",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:dahuasecurity:asc2204c_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EEB9746-4F02-4125-9022-C7D995B8C1B5",
              "versionEndIncluding": "2021-7",
              "versionStartIncluding": "2017-7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:dahuasecurity:asc2204c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "421A373F-AC77-4CAF-BE0F-D53F4E29D520",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords."
    },
    {
      "lang": "es",
      "value": "Algunos productos Dahua presentan una vulnerabilidad de control de acceso en el proceso de restablecimiento de la contrase\u00f1a. Los atacantes pueden explotar esta vulnerabilidad mediante implementaciones espec\u00edficas para restablecer las contrase\u00f1as de los dispositivos"
    }
  ],
  "id": "CVE-2021-33046",
  "lastModified": "2024-11-21T06:08:11.233",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-01-13T21:15:07.753",
  "references": [
    {
      "source": "cybersecurity@dahuatech.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.dahuatech.com/networkSecurity/securityDetails?id=95"
    },
    {
      "source": "cybersecurity@dahuatech.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
    },
    {
      "source": "cybersecurity@dahuatech.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/987"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.dahuatech.com/networkSecurity/securityDetails?id=95"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dahuasecurity.com/support/cybersecurity/details/987"
    }
  ],
  "sourceIdentifier": "cybersecurity@dahuatech.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2021-33046

Vulnerability from cvelistv5

Published

2022-01-13 20:27

Modified

2024-08-03 23:42

Severity ?

Summary

Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.

References

▼	URL	Tags
	https://www.dahuasecurity.com/support/cybersecurity/details/957	x_refsource_MISC
	https://www.dahuasecurity.com/support/cybersecurity/details/987	x_refsource_CONFIRM
	https://support.dahuatech.com/networkSecurity/securityDetails?id=95	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

n/a

Access control vulnerability found in some Dahua products

Version: Dahua IP Camera devices IPC-HX3XXX, and IPC-HX5XXX
Version: PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6AL
Version: Thermal TPC-BF1241,TPC-BF2221, TPC-SD2221
Version: VTO2101E, VTOX221E, and ASC2204C devices Buildtime between 2017/7 ~ 2021/7. NVR devices NVR4XXX, and NVR5XXX
Version: XVR devices XVR4XXX, and XVR5XXX
Version: HCVR devices HCVR7XXX, and HCVR8XXX devices Buildtime between 2017/1 ~ 2021/7.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:42:19.550Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.dahuasecurity.com/support/cybersecurity/details/987"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.dahuatech.com/networkSecurity/securityDetails?id=95"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Access control vulnerability found in some Dahua products",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Dahua IP Camera devices IPC-HX3XXX, and IPC-HX5XXX"
            },
            {
              "status": "affected",
              "version": "PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6AL"
            },
            {
              "status": "affected",
              "version": "Thermal TPC-BF1241,TPC-BF2221, TPC-SD2221"
            },
            {
              "status": "affected",
              "version": "VTO2101E, VTOX221E, and ASC2204C devices Buildtime between 2017/7 ~ 2021/7.  NVR devices NVR4XXX, and NVR5XXX"
            },
            {
              "status": "affected",
              "version": "XVR devices XVR4XXX, and XVR5XXX"
            },
            {
              "status": "affected",
              "version": "HCVR devices HCVR7XXX, and HCVR8XXX devices Buildtime between 2017/1 ~ 2021/7."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Access control",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-14T18:49:15",
        "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "shortName": "dahua"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.dahuasecurity.com/support/cybersecurity/details/987"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.dahuatech.com/networkSecurity/securityDetails?id=95"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@dahuatech.com",
          "ID": "CVE-2021-33046",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Access control vulnerability found in some Dahua products",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Dahua IP Camera devices IPC-HX3XXX, and IPC-HX5XXX"
                          },
                          {
                            "version_value": "PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6AL"
                          },
                          {
                            "version_value": "Thermal TPC-BF1241,TPC-BF2221, TPC-SD2221"
                          },
                          {
                            "version_value": "VTO2101E, VTOX221E, and ASC2204C devices Buildtime between 2017/7 ~ 2021/7.  NVR devices NVR4XXX, and NVR5XXX"
                          },
                          {
                            "version_value": "XVR devices XVR4XXX, and XVR5XXX"
                          },
                          {
                            "version_value": "HCVR devices HCVR7XXX, and HCVR8XXX devices Buildtime between 2017/1 ~ 2021/7."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Access control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dahuasecurity.com/support/cybersecurity/details/957",
              "refsource": "MISC",
              "url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
            },
            {
              "name": "https://www.dahuasecurity.com/support/cybersecurity/details/987",
              "refsource": "CONFIRM",
              "url": "https://www.dahuasecurity.com/support/cybersecurity/details/987"
            },
            {
              "name": "https://support.dahuatech.com/networkSecurity/securityDetails?id=95",
              "refsource": "CONFIRM",
              "url": "https://support.dahuatech.com/networkSecurity/securityDetails?id=95"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
    "assignerShortName": "dahua",
    "cveId": "CVE-2021-33046",
    "datePublished": "2022-01-13T20:27:13",
    "dateReserved": "2021-05-17T00:00:00",
    "dateUpdated": "2024-08-03T23:42:19.550Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}