CVE-2021-33044

CriticalKnown Exploited

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device…

dahua·CWE-287·Published 2021-09-15

CVSS

9.8

EPSS

1.00

KEV

Yes

Exploits

cve.orgen

195 chars

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

NVDen

195 chars

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

Una vulnerabilidad de omisión de autenticación de identidad encontrada en algunos productos Dahua durante el proceso de inicio de sesión. Los atacantes pueden omitir la autenticación de la identidad del dispositivo al construir paquetes de datos maliciosos

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	10.0	10.0	10.0	AV:N/AC:L/Au:N/C:C/I:C/A:C
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H