CVE DATABASE / CVE-2021-33045
CVE-2021-33045
Dahua IP Camera Authentication Bypass Vulnerability
CVSS 9.8 · CRITICAL
⚠ CISA KEV — ACTIVELY EXPLOITED
On the CISA KEV catalog
Confirmed exploited in the wild. Added 2024-08-21.
Federal remediation due 2024-09-11.
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Summary
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
CVSS 3.1 breakdown
| Base score | 9.8 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Dahuasecurity ipc-hum7xxx firmwareDahuasecurity ipc-hum7xxxDahuasecurity ipc-hx3xxx firmwareDahuasecurity ipc-hx3xxxDahuasecurity ipc-hx5xxx firmwareDahuasecurity ipc-hx5xxxDahuasecurity nvr-1xxx firmwareDahuasecurity nvr-1xxxDahuasecurity nvr-2xxx firmwareDahuasecurity nvr-2xxxDahuasecurity nvr-4xxx firmwareDahuasecurity nvr-4xxxDahuasecurity nvr-5xxx firmwareDahuasecurity nvr-5xxxDahuasecurity nvr-6xx firmwareDahuasecurity nvr-6xxDahuasecurity vth-542xh firmwareDahuasecurity vth-542xhDahuasecurity vto-65xxx firmwareDahuasecurity vto-65xxx
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html
- http://seclists.org/fulldisclosure/2021/Oct/13
- https://www.dahuasecurity.com/support/cybersecurity/details/957
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-33045
Data: NIST NVD + CISA KEV. NVD last modified 2026-01-13. Always verify against the vendor advisory before acting.