View on GitHub

IoPT App

We are here to improve the SoHo security a bit!

Get it on Google Play

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. Vulnerable device types: IPC/VTH/VTO/NVR/DVR. IPC/VTH/VTO devices firmware older than June 2021 is vulnerable to CVE-2021-33044. IPC/VTH/VTO/NVR/DVR devices firmware older than beginning/mid 2020 is vulnerable to CVE-2021-33045. The list of the affected models is extensive and covers many of Dahua cameras. Shodan detects over 1.2 million Dahua systems around the world. It is important to clarify that not all of these devices are vulnerable to exploitation, but the list of the affected models contains some widely deployed ones.