CVE-2021-33044

critical

Description

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

References

Exploits
More

https://www.infosecurity-magazine.com/news/webcams-vulnerable-hiatusrat-fbi/

https://thehackernews.com/2024/12/cisa-and-fbi-raise-alerts-on-exploited.html

https://www.bleepingcomputer.com/news/security/fbi-spots-hiatusrat-malware-attacks-targeting-web-cameras-dvrs/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a

https://www.theregister.com/2024/09/05/uncle_sam_charges_russian_gru/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a

https://www.dahuasecurity.com/support/cybersecurity/details/957

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-33044

http://seclists.org/fulldisclosure/2021/Oct/13

http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html

Details

Source: Mitre, NVD

Published: 2021-09-15

Updated: 2025-10-22

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H