CVE-2021-33044
Description
The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
Severity: CRITICAL
CVE ID: CVE-2021-33044
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2021-33044
Refrence: Project Discovery GitHub
bp2008
Chrome extension that uses vulnerabilities CVE-2021-33044 and CVE-2021-33045 to log in to Dahua cameras without authentication.
Refrence: GitHub
dorkerdevil
Dahua IPC/VTH/VTO devices auth bypass exploit
Refrence: GitHub
Alonzozzz
Changelog CVE-2021-33044,CVE-2021-33045 Identity authentication bypass vulnerability found in some Dahua products CVE-2021-27248,CVE-2021-27249,CVE-2021-27250,CVE-2021-34860,CVE-2021-34861,CVE-2021-34862,CVE-2021-34863 Multiple vulnerabilities in DAP-2020 H/W rev. Ax with F/W v1.01 and below HTTP Path Traversal CVE-2019-7406 RCE vulnerability in TP-Link Wi-Fi Extenders via a malformed user agent field in HTTP headers CVE-2020-2501,CVE-2021-28797 Stack Buffer Overflow in QNAP Surveillance Station CVE-2021-34730 Critical UPnP Service Flaw on Cisco Small Business RV Series Routers CVE-2020-35785 Multiple HTTP authentication vulnerabilities on DGN2200v1
Refrence: GitHub
haingn
Refrence: GitHub
Content on GitHub
jorhelp | watchers:1404
Ingram
网络摄像头漏洞扫描工具 | Webcam vulnerability scanning tool
Refrence: GitHub