Attacker Value
Unknown
CVE-2021-33044
CVE-2021-33044
(Last updated August 22, 2024) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Initial Access
Techniques
Validation
Description
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
Add Assessment
1
Technical Analysis
On September 5th 2024, CISA released a security bulletin highlighting the cyber-attacks from a Russian actor. In this bulletin CISA confirmed and stated that this vulnerability was abused by the actor to bypass authentication and gain initial access through a vulnerable Dahua IP Camera.
Source: https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
9.8 Critical
Impact Score:
5.9
Exploitability Score:
3.9
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High
General Information
Vendors
- dahuasecurity
Products
- ipc-hum7xxx firmware,
- ipc-hx3xxx firmware,
- ipc-hx5xxx firmware,
- sd1a1 firmware,
- sd22 firmware,
- sd41 firmware,
- sd50 firmware,
- sd52c firmware,
- sd6al firmware,
- tpc-bf1241 firmware,
- tpc-bf2221 firmware,
- tpc-bf5x01 firmware,
- tpc-bf5x21 firmware,
- tpc-pt8x21b firmware,
- tpc-sd2221 firmware,
- tpc-sd8x21 firmware,
- vth-542xh firmware,
- vto-65xxx firmware,
- vto-75x95x firmware
Exploited in the Wild
References
