SA ID: DHCC-SA-202106-001
First Published: 2021-09-01
Last Published: 2021-11-15
Summary:
An identity authentication bypass vulnerability was found in the login process of some Dahua products. Attackers can bypass device identity authentication by constructing malicious data packets.
Common Vulnerabilities and Exposures (CVE ID):
CVE-2021-33044; CVE-2021-33045
Vulnerability Score:
The vulnerabilities have been classified using the CVSSv3 scoring system (http://www.first.org/cvss/specification-document).
Base Score: 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Temporal Score: 7.3 (E:P/RL:O/RC:C)
Affected Products & Fix Software:
The following product series and models are currently known to be affected:
1. CVE-2021-33044
Affected Model | Affected Version | Fix Software |
IPC-HX1XXX, HX2XXX, HX3XXX, HX5(4)(3)XXX, HX5XXX, HUM7XXX, |
Versions with a build time before June 2021 |
DH_IPC-HX1XXX-Molec_MultiLang_PN_V2.820.0000000.33.R.210705
DH_IPC-HX1XXX-Molec_MultiLang_NP_V2.820.0000000.33.R.210705
DH_IPC-HX2XXX-Molec_MultiLang_PN_V2.820.0000000.33.R.210705
DH_IPC-HX2XXX-Molec_MultiLang_NP_V2.820.0000000.33.R.210705
DH_IPC-HX3XXX-Leo_MultiLang_PN_Stream3_V2.800.0000000.29.R.210630
DH_IPC-HX3XXX-Leo_MultiLang_NP_Stream3_V2.800.0000000.29.R.210630
DH_IPC-HX3XXX-Dalton_MultiLang_NP_Stream3_V2.820.0000000.18.R.210705
DH_IPC-HX3XXX-Dalton_MultiLang_PN_Stream3_V2.820.0000000.18.R.210705
DH_IPC-HX5(4)(3)XXX-Leo_MultiLang_PN_Stream3_V2.800.0000000.29.R.210630
DH_IPC-HX5(4)(3)XXX-Leo_MultiLang_NP_Stream3_V2.800.0000000.29.R.210630
DH_IPC-HX5XXX-Volt_MultiLang_PN_Stream3_V2.820.0000000.5.R.210705
DH_IPC-HX5XXX-Volt_MultiLang_NP_Stream3_V2.820.0000000.5.R.210705
DH_IPC-HUM7XXX-E2-Volt_MultiLang_NP_V2.820.0000000.5.R.210705
DH_IPC-HUM7XXX-E2-Volt_MultiLang_PN_V2.820.0000000.5.R.210705
DH_IPC-HX8XXX-Nobel_MultiLang_PN_V3.000.0000000.2.R.210712
DH_IPC-HX8XXX-Nobel_MultiLang_NP_V3.000.0000000.2.R.210712
DH_IPC-HX8XXX-Nobel_MultiLang_NP_Stream3_V2.800.0000000.14.R.210720
DH_IPC-HX8XXX-Nobel_MultiLang_PN_Stream3_V2.800.0000000.14.R.210720
DH_IPC-HX8XXX-Nobel_MultiLang_PN_V2.800.0000000.14.R.210712
|
VTO75X95X, VTO65XXX |
DH_VTO75X95X_Eng_PN_SIP_V4.300.0000003.0.R.210714
|
|
DHI-ASI7213Y-V3-T1 |
DH_ASI72XX-V3_Eng_NP_V1.000.0000014.0.R.210823 |
|
VTH542XH |
DH_VTH542XH_MultiLang_SIP_V4.500.0000002.0.R.210715 |
|
PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, SD6AL |
DH_SD-Eos-Civil_MultiLang_PN_Stream3_V2.812.0000007.0.R.210706
DH_SD-Eos-Civil_MultiLang_NP_Stream3_V2.812.0000007.0.R.210706
DH_SD-Eos_MultiLang_PN_Stream3_V2.812.0000007.0.R.210706
DH_SD-Eos_MultiLang_NP_Stream3_V2.812.0000007.0.R.210706 |
|
Thermal TPC-BF1241, TPC-BF2221, TPC-SD2221, TPC-BF5XXX, TPC-SD8X21, TPC-PT8X21B |
DH_TPC-BF1241-TB_MultiLang_PN_V2.630.0000000.6.R.210707
DH_TPC-BF1241-TB_MultiLang_NP_V2.630.0000000.6.R.210707
DH_TPC-BF2221-TB_MultiLang_PN_V2.630.0000000.10.R.210707
DH_TPC-BF2221-TB_MultiLang_NP_V2.630.0000000.10.R.210707
DH_TPC-SD2221-TB_MultiLang_PN_V2.630.0000000.7.R.210707
DH_TPC-SD2221-TB_MultiLang_NP_V2.630.0000000.7.R.210707
DH_TPC-BF5X01-TB_MultiLang_PN_V2.630.0000000.12.R.210707
DH_TPC-BF5X01-TB_MultiLang_NP_V2.630.0000000.12.R.210707
DH_TPC-BF5X21-TB_MultiLang_PN_V2.630.0000000.8.R.210630
DH_TPC-BF5X21-TB_MultiLang_NP_V2.630.0000000.8.R.210630
DH_TPC-PT8X21A-TB_MultiLang_PN_V2.630.0000000.14.R.210630
DH_TPC-PT8X21A-TB_MultiLang_NP_V2.630.0000000.14.R.210630
DH_TPC-SD8X21-TB_MultiLang_PN_V2.630.0000000.9.R.210706
DH_TPC-SD8X21-TB_MultiLang_NP_V2.630.0000000.9.R.210706
DH_TPC-PT8X21B-B_MultiLang_PN_V2.630.0000000.10.R.210701
|
2. CVE-2021-33045
Affected Model | Affected Version | Fix Software |
IPC-HX1XXX, HX2XXX, HX3XXX, HX5(4)(3)XXX, HX5XXX, HUM7XXX, |
Versions with a build time before May 2020 |
DH_IPC-HX1XXX-Molec_MultiLang_PN_V2.820.0000000.33.R.210705
DH_IPC-HX1XXX-Molec_MultiLang_NP_V2.820.0000000.33.R.210705
DH_IPC-HX2XXX-Molec_MultiLang_PN_V2.820.0000000.33.R.210705
DH_IPC-HX2XXX-Molec_MultiLang_NP_V2.820.0000000.33.R.210705
DH_IPC-HX3XXX-Leo_MultiLang_PN_Stream3_V2.800.0000000.29.R.210630
DH_IPC-HX3XXX-Leo_MultiLang_NP_Stream3_V2.800.0000000.29.R.210630
DH_IPC-HX3XXX-Dalton_MultiLang_NP_Stream3_V2.820.0000000.18.R.210705
DH_IPC-HX3XXX-Dalton_MultiLang_PN_Stream3_V2.820.0000000.18.R.210705
DH_IPC-HX5(4)(3)XXX-Leo_MultiLang_PN_Stream3_V2.800.0000000.29.R.210630
DH_IPC-HX5(4)(3)XXX-Leo_MultiLang_NP_Stream3_V2.800.0000000.29.R.210630
DH_IPC-HX5XXX-Volt_MultiLang_PN_Stream3_V2.820.0000000.5.R.210705
DH_IPC-HX5XXX-Volt_MultiLang_NP_Stream3_V2.820.0000000.5.R.210705
DH_IPC-HUM7XXX-E2-Volt_MultiLang_NP_V2.820.0000000.5.R.210705
DH_IPC-HUM7XXX-E2-Volt_MultiLang_PN_V2.820.0000000.5.R.210705
DH_IPC-HX8XXX-Nobel_MultiLang_PN_V3.000.0000000.2.R.210712
DH_IPC-HX8XXX-Nobel_MultiLang_NP_V3.000.0000000.2.R.210712
DH_IPC-HX8XXX-Nobel_MultiLang_NP_Stream3_V2.800.0000000.14.R.210720
DH_IPC-HX8XXX-Nobel_MultiLang_PN_Stream3_V2.800.0000000.14.R.210720
DH_IPC-HX8XXX-Nobel_MultiLang_PN_V2.800.0000000.14.R.210712
|
VTO75X95X, VTO65XXX |
Versions with a build time before December 2019 |
DH_VTO75X95X_Eng_PN_SIP_V4.300.0000003.0.R.210714
|
VTH542XH |
DH_VTH542XH_MultiLang_SIP_V4.500.0000002.0.R.210715 |
|
NVR1XXX, NVR2XXX, NVR5XXX, NVR6XX |
DH_NVR4XXX-I_MultiLang_V4.001.0000000.3.R.210710
DH_NVR4x-4KS2L_MultiLang_V4.001.0000001.0.R.210709
DH_NVR4XXX-4KS2_MultiLang_V4.001.0000005.1.R.210713
DH_NVR5XXX-4KS2_MultiLang_V4.001.0000006.1.R.210709
DH_NVR5XXX-I_MultiLang_V4.001.0000000.3.R.210710
DH_NVR5XXX-IL_MultiLang_V4.001.0000000.0.R.210710
DH_NVR1XHC-S3_MultiLang_V4.001.0000000.1.R.210710
DH_NVR2XXX-4KS2_MultiLang_V4.001.0000005.0.R.210709
DH_NVR2XXX-W-4KS2_MultiLang_V4.001.0000003.1.R.210709
DH_NVR2XXX-I2_Mul_V4.002.0000000.0.R.210709
DH_NVR2XXX-I_Mul_V4.001.0000000.1.R.210710
DH_NVR1XXX-S3H_MultiLang_V4.001.0000005.1.R.210709
|
|
XVR4xxx, XVR5xxx, XVR7xxx |
DH_XVR5x16-I2_MultiLang_V4.001.0000003.1.R.210710
DH_XVR7x16-I2_MultiLang_V4.001.0000003.1.R.210710
DH_XVR5x08-I2_MultiLang_V4.001.0000003.1.R.210710
DH_XVR5x04-I2_MultiLang_V4.001.0000003.1.R.210710
DH_XVR7x32-I2_MultiLang_V4.001.0000003.1.R.210710
DH_XVR5x08-I3_MultiLang_V4.001.0000000.15.R.210702
DH_XVR5x04-I3_MultiLang_V4.001.0000000.15.R.210702
DH_XVR4x08-I3_MultiLang_V4.001.0000000.15.R.210702
DH_XVR4x04-I_MultiLang_V4.001.0000001.1.R.210709
DH_XVR4x08-I_MultiLang_V4.001.0000001.1.R.210709
DH_XVR5x08-X_MultiLang_V4.001.0000000.9.R.210710
DH_XVR5x16-X_MultiLang_V4.001.0000000.9.R.210710
DH_XVR7x16-X_MultiLang_V4.001.0000000.9.R.210710
DH_XVR5x04-X1(2.0)_MultiLang_V4.001.0000000.14.R.210709
|
Note: Please log in to the web interface of the device to view the build time, which is shown on the Settings-System Information-Version Information page (setting-systeminfo-version).
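The build-time comparison described in the note above can be scripted for a device inventory. The following is an added example, not part of Dahua's advisory: the product-line labels, the reading of "before June 2021" as "earlier than 2021-06-01", and the reading of the trailing six digits of a fix-software name as a YYMMDD build date are assumptions, and the inventory entries are constructed.

```python
import re
from datetime import date

# Cut-offs from the advisory tables, keyed by product-line labels chosen for
# this example. "before June 2021" is read as "earlier than 2021-06-01"
# (assumption). None = row is listed but the page states no affected version.
TABLE = {
    "CVE-2021-33044": {"IPC": date(2021, 6, 1), "VTO": None, "ASI": None,
                       "VTH": None, "SD": None, "TPC": None},
    "CVE-2021-33045": {"IPC": date(2020, 5, 1), "VTO": date(2019, 12, 1),
                       "VTH": None, "NVR": None, "XVR": None},
}

# Assumption: fix-software names end in ".R.<YYMMDD>", the firmware build date.
FIX_NAME = re.compile(
    r"^DH_(?P<family>[^_]+)_.+_V(?P<version>\d[\d.]*)\.R\.(?P<stamp>\d{6})$")

def parse_fix_name(name):
    """Split a fix-software name into family, version and build date."""
    m = FIX_NAME.match(name.strip())
    if not m:
        raise ValueError(f"unrecognised fix-software name: {name!r}")
    s = m["stamp"]
    built = date(2000 + int(s[:2]), int(s[2:4]), int(s[4:]))
    return {"family": m["family"], "version": m["version"], "built": built}

def triage(product_line, build_date):
    """Give a per-CVE verdict for one device's product line and build time."""
    verdicts = {}
    for cve, rows in TABLE.items():
        if product_line not in rows:
            verdicts[cve] = "not listed"
        elif rows[product_line] is None:
            verdicts[cve] = "listed, cut-off not stated"
        elif build_date < rows[product_line]:
            verdicts[cve] = "affected"
        else:
            verdicts[cve] = "at or after cut-off"
    return verdicts

def at_fix_level(build_date, fix_name):
    """True once the device's build time is at or past the listed fix build."""
    return build_date >= parse_fix_name(fix_name)["built"]

if __name__ == "__main__":
    # Constructed inventory: (device label, product line, build time from web UI).
    for label, line, built in [("cam-lobby", "IPC", date(2020, 3, 15)),
                               ("nvr-rack1", "NVR", date(2019, 1, 1))]:
        print(label, triage(line, built))
```

Rows reported as "listed, cut-off not stated" need a manual check against the table, since the page gives no affected version for them.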
Fix Software Download:
Please download the corresponding fix software listed in the table above, or a newer version, from the Dahua website, or contact local Dahua technical support to upgrade.
● Cloud Upgrade: Dahua products have the capability of cloud upgrade. Relevant repair versions can be obtained through cloud upgrade.
● Dahua Official Website: Overseas: https://www.dahuasecurity.com/support/downloadCenter
● Dahua Technical Support Personnel
Support Resources:
For any questions or concerns related to our products and solutions, please contact Dahua PSIRT at psirt@dahuatech.com.
We acknowledge the support of Bashis, who discovered this vulnerability and reported it to Dahua PSIRT.
Update Record:
2024-01-12 V1.2 UPDATED Updated the "Affected Products & Fix Software";
2021-11-15 V1.1 UPDATED Updated the "Affected Products & Fix Software" section and the updated products;
2021-09-01 INITIAL