#VU96446 Improper Authentication in Dahua Technology products - CVE-2021-33044
Published: August 22, 2024 / Updated: August 1, 2025
Vulnerability identifier: #VU96446
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2021-33044
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
Dahua IPC-HX1XXX
Dahua IPC-HX2XXX
Dahua IPC-HX3XXX
Dahua IPC-HX5(4)(3)XXX
Dahua IPC-HX5XXX
Dahua IPC-HUM7XXX
Dahua IPC-HX8XXX
Dahua VTO75X95X
Dahua VTO65XXX
Dahua DHI-ASI7213Y-V3-T1
Dahua VTH542XH
Dahua SD1A1
Dahua SD22
Dahua SD49
Dahua SD50
Dahua SD52C
Dahua SD6AL
Dahua TPC-BF1241
Dahua TPC-BF2221
Dahua TPC-SD2221
Dahua TPC-BF5X01
Dahua TPC-BF5X21
Dahua TPC-SD8X21
Dahua TPC-PT8X21B
Dahua IPC-HX1XXX
Dahua IPC-HX2XXX
Dahua IPC-HX3XXX
Dahua IPC-HX5(4)(3)XXX
Dahua IPC-HX5XXX
Dahua IPC-HUM7XXX
Dahua IPC-HX8XXX
Dahua VTO75X95X
Dahua VTO65XXX
Dahua DHI-ASI7213Y-V3-T1
Dahua VTH542XH
Dahua SD1A1
Dahua SD22
Dahua SD49
Dahua SD50
Dahua SD52C
Dahua SD6AL
Dahua TPC-BF1241
Dahua TPC-BF2221
Dahua TPC-SD2221
Dahua TPC-BF5X01
Dahua TPC-BF5X21
Dahua TPC-SD8X21
Dahua TPC-PT8X21B
Software vendor:
Dahua Technology
Dahua Technology
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error when processing authentication requests. A remote attacker can bypass authentication process and gain unauthorized access to the device.
Remediation
Install updates from vendor's website.