### [CVE-2021-33045](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33045)
![](https://img.shields.io/static/v1?label=Product&message=Some%20Dahua%20IP%20Camera%2C%20Video%20Intercom%2C%20NVR%2C%20XVR%20devices&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Dahua%20IP%20Camera%20devices%20IPC-HX3XXX%2C%20IPC-HX5XXX%2C%20and%20IPC-HUM7XXX%20Buildtime%20before%20May%2C%202020%2C%20Video%20Intercom%20devices%20VTO75X95X%2C%20VTO65XXX%2C%20and%20VTH542XH%2C%20NVR%20devices%20NVR1XXX%2C%20NVR2XXX%2C%20NVR5XXX%2C%20and%20NVR6XX%2C%20XVR%20devices%20XVR4xxx%2C%20XVR5xxx%2C%20and%20XVR7xxx%20Buildtime%20before%20December%2C%202019.%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Authentication&color=brightgreen)

### Description

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

### POC

#### Reference
- http://packetstormsecurity.com/files/164423/Dahua-Authentication-Bypass.html
- http://seclists.org/fulldisclosure/2021/Oct/13

#### Github
- https://github.com/20142995/Goby
- https://github.com/20142995/nuclei-templates
- https://github.com/APPHIK/cam
- https://github.com/APPHIK/camz
- https://github.com/APPHIK/ip
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Alonzozzz/alonzzzo
- https://github.com/HimmelAward/Goby_POC
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/Nxychx/TVT-NVR
- https://github.com/NyxAzrael/Goby_POC
- https://github.com/Stealzoz/steal
- https://github.com/Teryila/DahuaConsole
- https://github.com/Teryila/NoteMeDahua
- https://github.com/WhaleFell/CameraHack
- https://github.com/Z0fhack/Goby_POC
- https://github.com/blkgzs/CameraHack
- https://github.com/bnhjuy77/tomde
- https://github.com/bp2008/DahuaLoginBypass
- https://github.com/bp2008/Index
- https://github.com/cyb3r-w0lf/nuclei-template-collection
- https://github.com/dongpohezui/cve-2021-33045
- https://github.com/jorhelp/Ingram
- https://github.com/kr4k0n/Ingram
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/mayur-esh/vuln-liners
- https://github.com/mcw0/DahuaConsole
- https://github.com/mcw0/PoC
- https://github.com/naycha/NVR-CONFIG
- https://github.com/naycha/TVT-NVR
- https://github.com/naycha/TVT-NVR-config
- https://github.com/naycha/TVT-config
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/nyctop/ing2
- https://github.com/readloud/PoC
- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/zhanwang110/Ingram