Main Vulnerability Database SB2021092126

SB2021092126 - Authentication bypass in multiple Dahua products

Published: September 21, 2021 Updated: August 23, 2024

Security Bulletin ID SB2021092126

Severity

Critical

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Improper Authentication (CVE-ID: CVE-2021-33044)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error when processing authentication requests. A remote attacker can bypass authentication process and gain unauthorized access to the device.

2) Improper Authentication (CVE-ID: CVE-2021-33045)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error when processing authentication requests. A remote attacker can bypass authentication process and gain unauthorized access to the device.

Remediation

Install update from vendor's website.

References

Vulnerable Software

Dahua IPC-HX1XXX: before 2.820.0000000.33.R.210705
Dahua IPC-HX2XXX: before 2.820.0000000.33.R.210705
Dahua IPC-HX3XXX: before 2.800.0000000.29.R.210630
Dahua IPC-HX5(4)(3)XXX: before 2.800.0000000.29.R.210630
Dahua IPC-HX5XXX: before 2.820.0000000.5.R.210705
Dahua IPC-HUM7XXX: before 2.820.0000000.5.R.210705
Dahua IPC-HX8XXX: before 2.800.0000000.14.R.210712
Dahua VTO75X95X: before 4.300.0000003.0.R.210714
Dahua VTO65XXX: before 4.300.0000004.0.R.210715
Dahua DHI-ASI7213Y-V3-T1: before 1.000.0000014.0.R.210823
Dahua VTH542XH: before 4.500.0000002.0.R.210715
Dahua SD1A1: before 2.812.0000007.0.R.210706
Dahua SD22: before 2.812.0000007.0.R.210706
Dahua SD49: before 2.812.0000007.0.R.210706
Dahua SD50: before 2.812.0000007.0.R.210706
Dahua SD52C: before 2.812.0000007.0.R.210706
Dahua SD6AL: before 2.812.0000007.0.R.210706
Dahua TPC-BF1241: before 2.630.0000000.6.R.210707
Dahua TPC-BF2221: before 2.630.0000000.10.R.210707
Dahua TPC-SD2221: before 2.630.0000000.7.R.210707
Dahua TPC-BF5X01: before 2.630.0000000.12.R.210707
Dahua TPC-BF5X21: before 2.630.0000000.8.R.210630
Dahua TPC-SD8X21: before 2.630.0000000.9.R.210706
Dahua TPC-PT8X21B: before 2.630.0000000.10.R.210701
Dahua NVR1XXX: before 4.001.0000005.1.R.210709
Dahua NVR4XXX: before 4.001.0000000.3.R.210710
Dahua NVR4x: before 4.001.0000001.0.R.210709
Dahua NVR2XXX: before 4.001.0000000.1.R.210710
Dahua NVR5XXX: before 4.001.0000000.0.R.210710
Dahua NVR6XX: before 4.001.0000001.1.R.210716
Dahua XVR5x16: before 4.001.0000000.9.R.210710
Dahua XVR7x16: before 4.001.0000000.9.R.210710
Dahua XVR5x08: before 4.001.0000000.9.R.210710
Dahua XVR5x04: before 4.001.0000000.14.R.210709
Dahua XVR7x32: before 4.001.0000003.1.R.210710
Dahua XVR4x08: before 4.001.0000000.15.R.210702
Dahua XVR4x04: before 4.001.0000000.14.R.210709

SB2021092126 - Authentication bypass in multiple Dahua products

Breakdown by Severity

Description

Remediation

References

Please verify you're human