Site icon Application System

Security error CVE-2021-33044 – CVE-2021-33045 on Dahua Camera

CCTVAPP.NET

Security Advisory – Identity authentication bypass vulnerability found in some Dahua products

I. Information

Basic Score:8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Temporary Score:7.3 (E:P/RL:O/RC:C)

II. Affected Products & Firmware update

The following product lines are currently identified as affected:

1. CVE-2021-33044

NumProductFirmware errorFirmware fixed
1IPC-HX3XXX,
HX5XXX,
HUM7XXX		Versions which Build time before June,2021DH_IPC-HX3XXX-Leo_MultiLang_PN_Stream3_V2.800.0000000.29.R.210630
DH_IPC-HX3XXX-Leo_MultiLang_NP_Stream3_V2.800.0000000.29.R.210630
DH_IPC-HX3XXX-Dalton_MultiLang_NP_Stream3_V2.820.0000000.18.R.210705
DH_IPC-HX3XXX-Dalton_MultiLang_PN_Stream3_V2.820.0000000.18.R.210705
DH_IPC-HX5XXX-Volt_MultiLang_PN_Stream3_V2.820.0000000.5.R.210705
DH_IPC-HX5XXX-Volt_MultiLang_NP_Stream3_V2.820.0000000.5.R.210705
DH_IPC-HUM7XXX-E2-Volt_MultiLang_NP_V2.820.0000000.5.R.210705
DH_IPC-HUM7XXX-E2-Volt_MultiLang_PN_V2.820.0000000.5.R.210705
2VTO75X95X,
VTO65XXX		Versions which Build time before June,2021DH_VTO75X95X_Eng_PN_SIP_V4.300.0000003.0.R.210714
DH_VTO65XXX_Eng_PN_V4.300.0000004.0.R.210715
3VTH542XHVersions which Build time before June,2021DH_VTH542XH_MultiLang_SIP_V4.500.0000002.0.R.210715
4PTZ Dome Camera SD1A1,
SD22,
SD49,
SD50,
SD52C,
SD6AL		Versions which Build time before June,2021DH_SD-Eos-Civil_MultiLang_PN_Stream3_V2.812.0000007.0.R.210706
DH_SD-Eos-Civil_MultiLang_NP_Stream3_V2.812.0000007.0.R.210706
DH_SD-Eos_MultiLang_PN_Stream3_V2.812.0000007.0.R.210706
DH_SD-Eos_MultiLang_NP_Stream3_V2.812.0000007.0.R.210706
5Thermal
TPC-BF1241,
TPC-BF2221,
TPC-SD2221, TPC-BF5XXX,
TPC-SD8X21,
TPC-PT8X21B		Versions which Build time before June,2021DH_TPC-BF1241-TB_MultiLang_PN_V2.630.0000000.6.R.210707
DH_TPC-BF1241-TB_MultiLang_NP_V2.630.0000000.6.R.210707
DH_TPC-BF2221-TB_MultiLang_PN_V2.630.0000000.10.R.210707
DH_TPC-BF2221-TB_MultiLang_NP_V2.630.0000000.10.R.210707
DH_TPC-SD2221-TB_MultiLang_PN_V2.630.0000000.7.R.210707
DH_TPC-SD2221-TB_MultiLang_NP_V2.630.0000000.7.R.210707
DH_TPC-BF5X01-TB_MultiLang_PN_V2.630.0000000.12.R.210707
DH_TPC-BF5X01-TB_MultiLang_NP_V2.630.0000000.12.R.210707
DH_TPC-BF5X21-TB_MultiLang_PN_V2.630.0000000.8.R.210630
DH_TPC-BF5X21-TB_MultiLang_NP_V2.630.0000000.8.R.210630
DH_TPC-PT8X21A-TB_MultiLang_PN_V2.630.0000000.14.R.210630
DH_TPC-PT8X21A-TB_MultiLang_NP_V2.630.0000000.14.R.210630
DH_TPC-SD8X21-TB_MultiLang_PN_V2.630.0000000.9.R.210706
DH_TPC-SD8X21-TB_MultiLang_NP_V2.630.0000000.9.R.210706
DH_TPC-PT8X21B-B_MultiLang_PN_V2.630.0000000.10.R.210701
DH_TPC-PT8X21B-B_MultiLang_NP_V2.630.0000000.10.R.210701

2. CVE-2021-33045

NumProductFirmware errorFirmware fixed
1IPC-HX3XXX,
HX5XXX,
HUM7XXX		Versions which Build time before May,2020DH_IPC-HX3XXX-Leo_MultiLang_PN_Stream3_V2.800.0000000.29.R.210630
DH_IPC-HX3XXX-Leo_MultiLang_NP_Stream3_V2.800.0000000.29.R.210630
DH_IPC-HX3XXX-Dalton_MultiLang_NP_Stream3_V2.820.0000000.18.R.210705
DH_IPC-HX3XXX-Dalton_MultiLang_PN_Stream3_V2.820.0000000.18.R.210705
DH_IPC-HX5XXX-Volt_MultiLang_PN_Stream3_V2.820.0000000.5.R.210705
DH_IPC-HX5XXX-Volt_MultiLang_NP_Stream3_V2.820.0000000.5.R.210705
DH_IPC-HUM7XXX-E2-Volt_MultiLang_NP_V2.820.0000000.5.R.210705
DH_IPC-HUM7XXX-E2-Volt_MultiLang_PN_V2.820.0000000.5.R.210705
2VTO75X95X,
VTO65XXX		Versions which Build time before December,2019DH_VTO75X95X_Eng_PN_SIP_V4.300.0000003.0.R.210714
DH_VTO65XXX_Eng_PN_V4.300.0000004.0.R.210715
3VTH542XHVersions which Build time before December,2019DH_VTH542XH_MultiLang_SIP_V4.500.0000002.0.R.210715
4NVR1XXX,
NVR2XXX,
NVR4XXX,
NVR5XXX,
NVR6XX		Versions which Build time before December,2019DH_NVR4XXX-I_MultiLang_V4.001.0000000.3.R.210710
DH_NVR4x-4KS2L_MultiLang_V4.001.0000001.0.R.210709
DH_NVR4XXX-4KS2_MultiLang_V4.001.0000005.1.R.210713
DH_NVR5XXX-4KS2_MultiLang_V4.001.0000006.1.R.210709
DH_NVR5XXX-I_MultiLang_V4.001.0000000.3.R.210710
DH_NVR5XXX-IL_MultiLang_V4.001.0000000.0.R.210710
DH_NVR1XHC-S3_MultiLang_V4.001.0000000.1.R.210710
DH_NVR2XXX-4KS2_MultiLang_V4.001.0000005.0.R.210709
DH_NVR2XXX-W-4KS2_MultiLang_V4.001.0000003.1.R.210709
DH_NVR2XXX-I2_Mul_V4.002.0000000.0.R.210709
DH_NVR2XXX-I_Mul_V4.001.0000000.1.R.210710
DH_NVR1XXX-S3H_MultiLang_V4.001.0000005.1.R.210709
DH_NVR6XX-4KS2_MultiLang_V4.001.0000001.1.R.210716
5XVR4xxx,
XVR5xxx,
XVR7xxx		Versions which Build time before December,2019DH_XVR5x16-I2_MultiLang_V4.001.0000003.1.R.210710
DH_XVR7x16-I2_MultiLang_V4.001.0000003.1.R.210710
DH_XVR5x08-I2_MultiLang_V4.001.0000003.1.R.210710
DH_XVR5x04-I2_MultiLang_V4.001.0000003.1.R.210710
DH_XVR7x32-I2_MultiLang_V4.001.0000003.1.R.210710
DH_XVR5x08-I3_MultiLang_V4.001.0000000.15.R.210702
DH_XVR5x04-I3_MultiLang_V4.001.0000000.15.R.210702
DH_XVR4x08-I3_MultiLang_V4.001.0000000.15.R.210702
DH_XVR4x04-I_MultiLang_V4.001.0000001.1.R.210709
DH_XVR4x08-I_MultiLang_V4.001.0000001.1.R.210709
DH_XVR5x08-X_MultiLang_V4.001.0000000.9.R.210710
DH_XVR5x16-X_MultiLang_V4.001.0000000.9.R.210710
DH_XVR7x16-X_MultiLang_V4.001.0000000.9.R.210710
DH_XVR5x04-X1(2.0)_MultiLang_V4.001.0000000.14.R.210709
DH_XVR4x04-X1(2.0)_MultiLang_V4.001.0000000.14.R.210709

Note: Please login to your device’s Web interface to see the Firmware version, you can find this on Settings -> System Info -> Version (setting-systeminfo-version) page.

III. Download Firmware to fix errors

Download the corresponding debug software or a later version as listed in the table above from the Dahua website or contact your local Dahua technical support for an upgrade.

Cloud upgrade: Dahua products are cloud-upgradeable. The relevant corrected versions can be obtained through a cloud upgrade.

Dahua Official Website: https http://www.dahuasecurity.com/support/downloadCenter

Support Resources :

For any questions or concerns regarding our products and solutions, please contact Dahua DHCC at cybersecurity@dahuatech.com.

Exit mobile version