CVE-2021-33046

Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.

CVSS v3.0 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.dahuasecurity.com/support/cybersecurity/details/957	Not Applicable
https://www.dahuasecurity.com/support/cybersecurity/details/987	Vendor Advisory
https://support.dahuatech.com/networkSecurity/securityDetails?id=95	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dahuasecurity:ipc-hx1xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx1xxx:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx2xxx:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:dahuasecurity:ipc-hx5\(4\)\(3\)xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx5\(4\)\(3\)xxx:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:dahuasecurity:sd1a1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd1a1:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:dahuasecurity:sd22_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd22:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:dahuasecurity:sd49_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd49:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:dahuasecurity:tpc-bf1241_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-bf1241:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:dahuasecurity:tpc-bf2221_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-bf2221:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:dahuasecurity:tpc-bf5x01_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-bf5x01:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:dahuasecurity:tpc-pt8x21x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-pt8x21x:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:dahuasecurity:tpc-sd2221_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-sd2221:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:dahuasecurity:tpc-sd8x21_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-sd8x21:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:dahuasecurity:nvr1xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:nvr1xxx:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:dahuasecurity:nvr2xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:nvr2xxx:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:dahuasecurity:nvr4xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:nvr4xxx:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:dahuasecurity:nvr5xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:nvr5xxx:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:dahuasecurity:xvr4xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:xvr4xxx:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:dahuasecurity:xvr5xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:xvr5xxx:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:dahuasecurity:xvr7xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:xvr7xxx:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:dahuasecurity:hcvr7xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:hcvr7xxx:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:dahuasecurity:hcvr8xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:hcvr8xxx:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:dahuasecurity:vtox20xf_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:vtox20xf:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:dahuasecurity:asc2204c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:asc2204c:-:*:*:*:*:*:*:*

Information

Published : 2022-01-13 13:15

Updated : 2022-01-25 07:13

NVD link : CVE-2021-33046

Mitre link : CVE-2021-33046

JSON object : View

CWE

CWE-287

Improper Authentication

Products Affected

dahuasecurity

ipc-hx3xxx
ipc-hx1xxx_firmware
tpc-pt8x21x_firmware
xvr7xxx_firmware
nvr1xxx
ipc-hx5xxx_firmware
tpc-sd2221_firmware
hcvr7xxx_firmware
vtox20xf_firmware
nvr4xxx
ipc-hx5\(4\)\(3\)xxx_firmware
tpc-bf2221
xvr4xxx
nvr1xxx_firmware
xvr4xxx_firmware
sd6al
ipc-hx1xxx
sd49
xvr5xxx
ipc-hx2xxx
hcvr8xxx
ipc-hx2xxx_firmware
tpc-bf5x01_firmware
vtox20xf
asc2204c
hcvr7xxx
sd50_firmware
asc2204c_firmware
sd6al_firmware
ipc-hx5xxx
xvr7xxx
sd50
tpc-sd8x21_firmware
sd52c_firmware
tpc-bf2221_firmware
sd52c
nvr5xxx_firmware
nvr4xxx_firmware
sd1a1
tpc-sd2221
tpc-bf1241_firmware
tpc-sd8x21
tpc-pt8x21x
sd49_firmware
ipc-hx5\(4\)\(3\)xxx
nvr2xxx_firmware
nvr5xxx
sd22_firmware
tpc-bf1241
xvr5xxx_firmware
sd22
tpc-bf5x01
ipc-hx3xxx_firmware
hcvr8xxx_firmware
sd1a1_firmware
nvr2xxx

9.8 /10