CVE-2021-33046

Summary

Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.

Affected Software

VendorProductVersion RangeStatus
n/aAccess control vulnerability found in some Dahua productsDahua IP Camera devices IPC-HX3XXX, and IPC-HX5XXXaffected
n/aAccess control vulnerability found in some Dahua productsPTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6ALaffected
n/aAccess control vulnerability found in some Dahua productsThermal TPC-BF1241,TPC-BF2221, TPC-SD2221affected
n/aAccess control vulnerability found in some Dahua productsVTO2101E, VTOX221E, and ASC2204C devices Buildtime between 2017/7 ~ 2021/7. NVR devices NVR4XXX, and NVR5XXXaffected
n/aAccess control vulnerability found in some Dahua productsXVR devices XVR4XXX, and XVR5XXXaffected
n/aAccess control vulnerability found in some Dahua productsHCVR devices HCVR7XXX, and HCVR8XXX devices Buildtime between 2017/1 ~ 2021/7.affected

Weaknesses

  • Access control

ADP Enrichment

CVE Program Container

Additional References

References