CVE-2021-33044 - Vulnerability Details

Description

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

Published: 2021-09-15

Score: 9.8 Critical

EPSS: 94.2% High

KEV: Yes

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

Some Dahua IP Camera, Video Intercom, PTZ Dome Camera, Thermal Camera devices

affected

Version	Status	Constraints
`Dahua IP Camera devices IPC-HX3XXX, IPC-HX5XXX, and IPC-HUM7XXX, Video Intercom devices VTO75X95X, VTO65XXX, and VTH542XH, PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6AL, Thermal TPC-BF1241, TPC-BF2221, TPC-SD2221, TPC-BF5XXX, TPC-SD8X21, and TPC-PT8X21B devices Buildtime before June, 2021.`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:dahuasecurity:ipc-hum7xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hum7xxx:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:dahuasecurity:sd1a1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd1a1:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:dahuasecurity:sd22_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd22:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:dahuasecurity:sd49_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd49:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-bf1241_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-bf1241:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-bf2221_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-bf2221:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-bf5x01_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-bf5x01:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-pt8x21b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-pt8x21b:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-sd2221_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-sd2221:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-sd8x21_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-sd8x21:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:dahuasecurity:vto-65xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:vto-65xxx:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:dahuasecurity:vto-75x95x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:vto-75x95x:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:dahuasecurity:vth-542xh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:vth-542xh:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-bf5x21_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-bf5x21:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is in the KEV database since Aug. 21, 2024.

The EPSS score is 0.94246.

Exploitation active

Automatable yes

Technical Impact total

References

Link	Providers
http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html
http://seclists.org/fulldisclosure/2021/Oct/13
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-33044
https://www.dahuasecurity.com/support/cybersecurity/details/957

History

Mon, 10 Nov 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Dahuasecurity sd49 Dahuasecurity sd49 Firmware
CPEs	cpe:2.3:h:dahuasecurity:sd41:-:::::::* cpe:2.3:o:dahuasecurity:sd41_firmware::::::::	cpe:2.3:h:dahuasecurity:sd49:-:::::::* cpe:2.3:o:dahuasecurity:sd49_firmware::::::::
Vendors & Products	Dahuasecurity sd41 Dahuasecurity sd41 Firmware	Dahuasecurity sd49 Dahuasecurity sd49 Firmware

Wed, 22 Oct 2025 00:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-33044

Tue, 21 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-33044

Tue, 21 Oct 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-33044

Wed, 30 Jul 2025 02:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Subscriptions

Dahuasecurity Ipc-hum7xxx Ipc-hum7xxx Firmware Ipc-hx3xxx Ipc-hx3xxx Firmware Ipc-hx5xxx Ipc-hx5xxx Firmware Sd1a1 Sd1a1 Firmware Sd22 Sd22 Firmware Sd49 Sd49 Firmware Sd50 Sd50 Firmware Sd52c Sd52c Firmware Sd6al Sd6al Firmware Tpc-bf1241 Tpc-bf1241 Firmware Tpc-bf2221 Tpc-bf2221 Firmware Tpc-bf5x01 Tpc-bf5x01 Firmware Tpc-bf5x21 Tpc-bf5x21 Firmware Tpc-pt8x21b Tpc-pt8x21b Firmware Tpc-sd2221 Tpc-sd2221 Firmware Tpc-sd8x21 Tpc-sd8x21 Firmware Vth-542xh Vth-542xh Firmware Vto-65xxx Vto-65xxx Firmware Vto-75x95x Vto-75x95x Firmware

MITRE

Status: PUBLISHED

Assigner: dahua

Published: 2021-09-15T21:36:04.000Z

Updated: 2026-01-12T19:53:16.325Z

Reserved: 2021-05-17T00:00:00.000Z

Link: CVE-2021-33044

Vulnrichment

Updated: 2024-08-03T23:42:19.261Z

NVD

Status : Analyzed

Published: 2021-09-15T22:15:10.497

Modified: 2026-01-13T22:20:28.687

Link: CVE-2021-33044

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-287

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation active

Automatable yes

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object