Home

Description

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

PUBLISHED Reserved 2021-05-17 | Published 2021-09-15 | Updated 2025-10-21 | Assigner dahua

CISA Known Exploited Vulnerability

Date added 2024-08-21 | Due date 2024-09-11

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Problem types

Improper Authentication

References

www.dahuasecurity.com/support/cybersecurity/details/957

seclists.org/fulldisclosure/2021/Oct/13 (20211005 [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045)) mailing-list

packetstormsecurity.com/.../Dahua-Authentication-Bypass.html

www.cisa.gov/...erabilities-catalog?field_cve=CVE-2021-33045 government-resource

www.dahuasecurity.com/support/cybersecurity/details/957

seclists.org/fulldisclosure/2021/Oct/13 (20211005 [Update]: Dahua Authentication bypass (CVE-2021-33044, CVE-2021-33045)) mailing-list

packetstormsecurity.com/.../Dahua-Authentication-Bypass.html

cve.org (CVE-2021-33045)

nvd.nist.gov (CVE-2021-33045)

Download JSON