CVE-2021-33044 - Vulnerability Details

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is in the KEV database since Aug. 21, 2024.

Exploitation active

Automatable yes

Technical Impact total

Vendors	Products
Dahuasecurity	Ipc-hum7xxx Ipc-hum7xxx Firmware Ipc-hx3xxx Ipc-hx3xxx Firmware Ipc-hx5xxx Ipc-hx5xxx Firmware Sd1a1 Sd1a1 Firmware Sd22 Sd22 Firmware Sd41 Sd41 Firmware Sd50 Sd50 Firmware Sd52c Sd52c Firmware Sd6al Sd6al Firmware Tpc-bf1241 Tpc-bf1241 Firmware Tpc-bf2221 Tpc-bf2221 Firmware Tpc-bf5x01 Tpc-bf5x01 Firmware Tpc-bf5x21 Tpc-bf5x21 Firmware Tpc-pt8x21b Tpc-pt8x21b Firmware Tpc-sd2221 Tpc-sd2221 Firmware Tpc-sd8x21 Tpc-sd8x21 Firmware Vth-542xh Vth-542xh Firmware Vto-65xxx Vto-65xxx Firmware Vto-75x95x Vto-75x95x Firmware

Configuration 1 [-]

AND

cpe:2.3:o:dahuasecurity:ipc-hum7xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hum7xxx:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:dahuasecurity:ipc-hx3xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx3xxx:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:dahuasecurity:ipc-hx5xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:ipc-hx5xxx:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:dahuasecurity:sd1a1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd1a1:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:dahuasecurity:sd22_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd22:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:dahuasecurity:sd41_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd41:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:dahuasecurity:sd50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd50:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:dahuasecurity:sd52c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd52c:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:dahuasecurity:sd6al_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:sd6al:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-bf1241_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-bf1241:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-bf2221_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-bf2221:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-bf5x01_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-bf5x01:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-pt8x21b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-pt8x21b:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-sd2221_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-sd2221:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-sd8x21_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-sd8x21:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:dahuasecurity:vto-65xxx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:vto-65xxx:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:dahuasecurity:vto-75x95x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:vto-75x95x:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:dahuasecurity:vth-542xh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:vth-542xh:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:dahuasecurity:tpc-bf5x21_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dahuasecurity:tpc-bf5x21:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html
http://seclists.org/fulldisclosure/2021/Oct/13
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-33044
https://www.dahuasecurity.com/support/cybersecurity/details/957

History

Wed, 22 Oct 2025 00:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-33044

Tue, 21 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-33044

Tue, 21 Oct 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-33044

Wed, 30 Jul 2025 02:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: dahua

Published: 2021-09-15T21:36:04.000Z

Updated: 2025-10-21T23:25:32.563Z

Reserved: 2021-05-17T00:00:00.000Z

Link: CVE-2021-33044

Vulnrichment

Updated: 2024-08-03T23:42:19.261Z

NVD

Status : Modified

Published: 2021-09-15T22:15:10.497

Modified: 2025-10-22T00:17:36.847

Link: CVE-2021-33044

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation active

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object