CVE-2021-33046

high-risk
Published 2022-01-13

Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.

Do I need to act?

-
0.50% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (20)

Ipc-Hx1Xxx Firmware
Ipc-Hx2Xxx Firmware
Ipc-Hx5\(4\)\(3\)Xxx Firmware
Tpc-Pt8X21X Firmware
Nvr1Xxx Firmware
Nvr2Xxx Firmware
Nvr4Xxx Firmware

Affected Vendors

Dahuasecurity

References (6)

Vendor Advisory https://support.dahuatech.com/networkSecurity/securityDetails?id=95
Not Applicable https://www.dahuasecurity.com/support/cybersecurity/details/957
Vendor Advisory https://www.dahuasecurity.com/support/cybersecurity/details/987
Vendor Advisory https://support.dahuatech.com/networkSecurity/securityDetails?id=95
Not Applicable https://www.dahuasecurity.com/support/cybersecurity/details/957
Vendor Advisory https://www.dahuasecurity.com/support/cybersecurity/details/987
56
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 2/34 · Minimal
Exposure 22/34 · High