CVE-2021-33044

9.8 CRITICAL

📋 TL;DR

CVE-2021-33044 is an identity authentication bypass in the login process of certain Dahua products. An unauthenticated remote attacker who can reach the device's login service sends specially crafted packets during login and is granted access without valid credentials. It affects Dahua IP cameras, NVRs and other Dahua devices running vulnerable firmware, and a successful bypass can give the attacker full control of the device.

💻 Affected Systems

Products:
  • Dahua IP cameras
  • Dahua NVRs (Network Video Recorders)
  • Dahua DVRs
  • Other Dahua security devices
Versions: Multiple firmware versions prior to October 2021 patches
Operating Systems: Embedded Linux-based firmware
Default Config Vulnerable: ⚠️ Yes
Notes: The exact affected models and fixed firmware versions are listed in Dahua's security advisory; the same advisory also covers the companion bypass CVE-2021-33045, so patch for both. Devices in their default configuration are vulnerable; no special setting has to be enabled.

📦 What is this software?

Dahua Technology is one of the largest manufacturers of video surveillance equipment: IP cameras, NVRs, DVRs and related devices. These products run Dahua's embedded Linux firmware and expose a web management interface (HTTP/HTTPS) plus Dahua's native protocol service on TCP 37777, which clients such as the web UI and desktop software use to log in, change configuration and pull video.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to view live camera feeds, modify device configurations, install malware, pivot to internal networks, or disable security monitoring entirely.

🟠

Likely Case

Unauthorized access to video feeds and device management interfaces, potentially leading to surveillance bypass, data exfiltration, or device manipulation.

🟢

If Mitigated

Limited impact if devices are behind firewalls, have network segmentation, and proper monitoring detects authentication anomalies.

🌐 Internet-Facing: HIGH - Internet-exposed devices are directly vulnerable to remote exploitation without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or malware could exploit this, but requires network access to vulnerable devices.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code available on Packet Storm and other sources. Attack requires sending specially crafted HTTP/HTTPS packets to device login endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates released October 2021 and later

Vendor Advisory: https://www.dahuasecurity.com/support/cybersecurity/details/957

Restart Required: Yes

Instructions:

1. Identify affected Dahua device models and compare them with the model list in the advisory.
2. Check the current firmware version (System > Information > Version) and export the device configuration as a backup.
3. Download the firmware for that exact model from the Dahua support portal; firmware is model-specific.
4. Upload the firmware via the device web interface.
5. Reboot the device after the update completes and confirm the new version is displayed.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate Dahua devices from internet and restrict network access

Access Control Lists

linux

Implement firewall rules on a Linux firewall or gateway in front of the device so that only the management network can reach its login services. The camera firmware itself cannot be edited, so the rules go in the FORWARD chain of the host that routes traffic to the device; cover the native Dahua protocol port (TCP 37777) as well as the web ports.

# Placeholders: 192.0.2.0/24 = management subnet, 198.51.100.10 = the Dahua device.
TRUSTED_NET=192.0.2.0/24; DEVICE_IP=198.51.100.10
for PORT in 80 443 37777; do   # web UI, HTTPS and the native Dahua protocol port
  iptables -A FORWARD -d "$DEVICE_IP" -p tcp --dport "$PORT" -s "$TRUSTED_NET" -j ACCEPT
  iptables -A FORWARD -d "$DEVICE_IP" -p tcp --dport "$PORT" -j DROP
done

🧯 If You Can't Patch

  • Remove internet-facing exposure immediately
  • Implement strict network segmentation and monitor for authentication anomalies

🔍 How to Verify

Check if Vulnerable:

Compare the running firmware version with the fixed version listed in the Dahua advisory for that exact model. If you need to confirm exploitability, run the public PoC only against a device in an isolated lab network, never against a production device.

Check Version:

Check via device web interface at System > Information > Version, or via SSH: cat /version

Verify Fix Applied:

Confirm the running firmware version is the fixed version (or later) for that model per the advisory, then repeat the isolated PoC test and confirm the login is rejected.

📡 Detection & Monitoring

Log Indicators:

  • Failed login attempts from an IP address followed within seconds by a successful login from the same IP
  • Successful administrator logins that are not preceded by the device's normal login sequence, or that come from client software you do not use
  • Logins to the admin interface from IP addresses outside the management network

Network Indicators:

  • Login requests to the HTTP/HTTPS login endpoints, or to TCP 37777, that do not follow the request sequence sent by Dahua's own web client
  • IDS alerts from signatures written for the public PoC
  • Video stream or configuration access from hosts that never authenticated normally

SIEM Query:

Splunk SPL, assuming the device logs are parsed into src_ip, user and result fields (adjust the field names to your parser). The first search flags a success within 5 seconds of a failure from the same source; the second flags successful logins from outside the management subnet (192.0.2.0/24 is a placeholder):

source="dahua-device" event_type="authentication"
| sort 0 _time
| streamstats current=f window=1 last(result) AS prev_result last(_time) AS prev_time BY src_ip
| where result="success" AND prev_result="failure" AND (_time - prev_time) <= 5
| table _time src_ip user prev_time

source="dahua-device" event_type="authentication" result="success"
| where NOT cidrmatch("192.0.2.0/24", src_ip)
| stats count BY src_ip user
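The same two log indicators implemented as a standalone script, as an added example that is not part of the original page or of any Dahua tooling. The key=value line layout, the field names and the management subnet 192.0.2.0/24 are assumptions; the sample lines are constructed. It flags a success from an IP within a few seconds of that IP's last failure, and any successful login from outside the management network:

```python
"""Detect CVE-2021-33044-style login anomalies in Dahua-like authentication logs."""
import ipaddress
import re
from datetime import datetime, timezone

# Constructed sample log; the key=value layout is an assumption, not Dahua's real format.
SAMPLE_LOGS = """\
2024-05-01T10:00:00Z src=203.0.113.5 user=admin event=login result=failure
2024-05-01T10:00:02Z src=203.0.113.5 user=admin event=login result=success
2024-05-01T10:00:30Z src=192.0.2.10 user=admin event=login result=success
2024-05-01T10:01:00Z src=198.51.100.7 user=operator event=login result=failure
2024-05-01T10:01:20Z src=198.51.100.7 user=operator event=login result=success
2024-05-01T10:02:00Z src=203.0.113.5 user=admin event=login result=success
"""

# Assumed management subnet from which admin logins are expected.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) "
    r"event=login result=(?P<result>success|failure)$"
)


def parse_line(line):
    """Return a dict for one log line, or None if it is not a login event."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "src": m["src"], "user": m["user"], "result": m["result"]}


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def failure_then_success(events, window_s=5):
    """Flag a success from an IP within window_s seconds of that IP's last failure.

    Events are assumed to be in time order. A success clears the stored failure,
    so a later success from the same IP is judged on its own.
    """
    last_failure = {}
    alerts = []
    for e in events:
        src = e["src"]
        if e["result"] == "failure":
            last_failure[src] = e["ts"]
            continue
        prev = last_failure.pop(src, None)
        if prev is not None:
            delta = (e["ts"] - prev).total_seconds()
            if delta <= window_s:
                alerts.append((src, e["user"], e["ts"].isoformat(), delta))
    return alerts


def untrusted_logins(events, trusted=TRUSTED_NETS):
    """Successful logins whose source is outside every trusted network."""
    hits = []
    for e in events:
        if e["result"] != "success":
            continue
        ip = ipaddress.ip_address(e["src"])
        if not any(ip in net for net in trusted):
            hits.append((e["src"], e["user"], e["ts"].isoformat()))
    return hits


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOGS)
    for src, user, ts, delta in failure_then_success(evts):
        print(f"ALERT failure->success {src} user={user} at {ts} ({delta:.0f}s after failure)")
    for src, user, ts in untrusted_logins(evts):
        print(f"ALERT untrusted login {src} user={user} at {ts}")
```

On the sample above the first rule fires once (203.0.113.5, success 2 seconds after a failure) and the second fires three times (every success not from 192.0.2.0/24); a real deployment would feed it the device syslog or the web server access log after mapping the fields.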
