Vulnerability Details : CVE-2021-33046
Some Dahua products have an access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2021-33046
- Dahuasecurity » Sd6al Firmware, versions from 2017-7 (inclusive) up to 2021-7 (inclusive): cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Sd52c Firmware, versions from 2017-7 (inclusive) up to 2021-7 (inclusive): cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Ipc-hx2xxx Firmware, versions from 2017-7 (inclusive) up to 2021-7 (inclusive): cpe:2.3:o:dahuasecurity:ipc-hx2xxx_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Ipc-hx3xxx Firmware, versions from 2017-7 (inclusive) up to 2021-7 (inclusive): cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Ipc-hx5xxx Firmware, versions from 2017-7 (inclusive) up to 2021-7 (inclusive): cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Sd1a1 Firmware, versions from 2017-7 (inclusive) up to 2021-7 (inclusive): cpe:2.3:o:dahuasecurity:sd1a1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:sd22_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Tpc-bf1241 Firmware, versions from 2017-7 (inclusive) up to 2021-7 (inclusive): cpe:2.3:o:dahuasecurity:tpc-bf1241_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Tpc-bf2221 Firmware, versions from 2017-7 (inclusive) up to 2021-7 (inclusive): cpe:2.3:o:dahuasecurity:tpc-bf2221_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Tpc-bf5x01 Firmware, versions from 2017-7 (inclusive) up to 2021-7 (inclusive): cpe:2.3:o:dahuasecurity:tpc-bf5x01_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Tpc-sd2221 Firmware, versions from 2017-7 (inclusive) up to 2021-7 (inclusive): cpe:2.3:o:dahuasecurity:tpc-sd2221_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Tpc-sd8x21 Firmware, versions from 2017-7 (inclusive) up to 2021-7 (inclusive): cpe:2.3:o:dahuasecurity:tpc-sd8x21_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Ipc-hx1xxx Firmware, versions from 2017-7 (inclusive) up to 2021-7 (inclusive): cpe:2.3:o:dahuasecurity:ipc-hx1xxx_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Ipc-hx5(4)(3)xxx Firmware, versions from 2017-7 (inclusive) up to 2021-7 (inclusive): cpe:2.3:o:dahuasecurity:ipc-hx5\(4\)\(3\)xxx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:dahuasecurity:sd49_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Tpc-pt8x21x Firmware, versions from 2017-7 (inclusive) up to 2021-7 (inclusive): cpe:2.3:o:dahuasecurity:tpc-pt8x21x_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Nvr1xxx Firmware, versions from 2017-7 (inclusive) up to 2021-7 (inclusive): cpe:2.3:o:dahuasecurity:nvr1xxx_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Nvr2xxx Firmware, versions from 2017-7 (inclusive) up to 2021-7 (inclusive): cpe:2.3:o:dahuasecurity:nvr2xxx_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Nvr4xxx Firmware, versions from 2017-7 (inclusive) up to 2021-7 (inclusive): cpe:2.3:o:dahuasecurity:nvr4xxx_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Nvr5xxx Firmware, versions from 2017-7 (inclusive) up to 2021-7 (inclusive): cpe:2.3:o:dahuasecurity:nvr5xxx_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Xvr4xxx Firmware, versions from 2017-7 (inclusive) up to 2021-7 (inclusive): cpe:2.3:o:dahuasecurity:xvr4xxx_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Xvr5xxx Firmware, versions from 2017-7 (inclusive) up to 2021-7 (inclusive): cpe:2.3:o:dahuasecurity:xvr5xxx_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Xvr7xxx Firmware, versions from 2017-7 (inclusive) up to 2021-7 (inclusive): cpe:2.3:o:dahuasecurity:xvr7xxx_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Hcvr7xxx Firmware, versions from 2017-7 (inclusive) up to 2021-7 (inclusive): cpe:2.3:o:dahuasecurity:hcvr7xxx_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Hcvr8xxx Firmware, versions from 2017-7 (inclusive) up to 2021-7 (inclusive): cpe:2.3:o:dahuasecurity:hcvr8xxx_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Vtox20xf Firmware, versions from 2017-7 (inclusive) up to 2021-7 (inclusive): cpe:2.3:o:dahuasecurity:vtox20xf_firmware:*:*:*:*:*:*:*:*
- Dahuasecurity » Asc2204c Firmware, versions from 2017-7 (inclusive) up to 2021-7 (inclusive): cpe:2.3:o:dahuasecurity:asc2204c_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-33046
- EPSS score: 0.26% (probability of exploitation activity in the next 30 days)
- Percentile: ~66% (the proportion of vulnerabilities that are scored at or below this level)
CVSS scores for CVE-2021-33046
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2021-33046
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-33046
- https://support.dahuatech.com/networkSecurity/securityDetails?id=95
  Security Alert - Access control vulnerability in some Dahua products - Zhejiang Dahua Technology Co., Ltd. (Vendor Advisory)
- https://www.dahuasecurity.com/support/cybersecurity/details/987
  Security Advisory - Access control vulnerability found in some Dahua products (Vendor Advisory)
- https://www.dahuasecurity.com/support/cybersecurity/details/957
  Security Advisory - Identity authentication bypass vulnerability found in some Dahua products (Not Applicable)