CVE-2021-33046

EPSS 0.5%
Veröffentlicht 13.01.2022 21:15:07
Zuletzt bearbeitet 21.11.2024 06:08:11
Quelle cybersecurity@dahuatech.com
CVE-Watchlists
Login
Unerledigt
Login

Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dahuasecurity ≫ Ipc-hx1xxx Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Ipc-hx1xxx Version-

Dahuasecurity ≫ Ipc-hx2xxx Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Ipc-hx2xxx Version-

Dahuasecurity ≫ Ipc-hx3xxx Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Ipc-hx3xxx Version-

Dahuasecurity ≫ Ipc-hx5(4)(3)xxx Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Ipc-hx5(4)(3)xxx Version-

Dahuasecurity ≫ Ipc-hx5xxx Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Ipc-hx5xxx Version-

Dahuasecurity ≫ Sd1a1 Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Sd1a1 Version-

Dahuasecurity ≫ Sd22 Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Sd22 Version-

Dahuasecurity ≫ Sd49 Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Sd49 Version-

Dahuasecurity ≫ Sd50 Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Sd50 Version-

Dahuasecurity ≫ Sd52c Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Sd52c Version-

Dahuasecurity ≫ Sd6al Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Sd6al Version-

Dahuasecurity ≫ Tpc-bf1241 Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Tpc-bf1241 Version-

Dahuasecurity ≫ Tpc-bf2221 Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Tpc-bf2221 Version-

Dahuasecurity ≫ Tpc-bf5x01 Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Tpc-bf5x01 Version-

Dahuasecurity ≫ Tpc-pt8x21x Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Tpc-pt8x21x Version-

Dahuasecurity ≫ Tpc-sd2221 Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Tpc-sd2221 Version-

Dahuasecurity ≫ Tpc-sd8x21 Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Tpc-sd8x21 Version-

Dahuasecurity ≫ Nvr1xxx Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Nvr1xxx Version-

Dahuasecurity ≫ Nvr2xxx Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Nvr2xxx Version-

Dahuasecurity ≫ Nvr4xxx Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Nvr4xxx Version-

Dahuasecurity ≫ Nvr5xxx Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Nvr5xxx Version-

Dahuasecurity ≫ Xvr4xxx Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Xvr4xxx Version-

Dahuasecurity ≫ Xvr5xxx Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Xvr5xxx Version-

Dahuasecurity ≫ Xvr7xxx Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Xvr7xxx Version-

Dahuasecurity ≫ Hcvr7xxx Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Hcvr7xxx Version-

Dahuasecurity ≫ Hcvr8xxx Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Hcvr8xxx Version-

Dahuasecurity ≫ Vtox20xf Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Vtox20xf Version-

Dahuasecurity ≫ Asc2204c Firmware Version >= 2017-7 <= 2021-7

Dahuasecurity ≫ Asc2204c Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.5%	0.652

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://www.dahuasecurity.com/support/cybersecurity/details/957

Not Applicable

https://support.dahuatech.com/networkSecurity/securityDetails?id=95

Vendor Advisory

https://www.dahuasecurity.com/support/cybersecurity/details/987

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-33046

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-33046

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-33046

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-33046