Overview
An authentication bypass vulnerability exists in multiple Dahua products that allows attackers to bypass device identity authentication by sending malicious data packets during the login process. This vulnerability affects network surveillance and security camera products, enabling unauthorized access to affected devices. The vulnerability was disclosed on September 15, 2021. CISA has identified CVE-2021-33044 as being exploited but is not currently known to be used in ransomware campaigns.
Technical details
The vulnerability exists in the authentication mechanism of Dahua surveillance products. During the login process, the device validates user credentials through a handshake protocol. Attackers can craft malicious data packets that are processed by the authentication routine without proper validation of packet structure and authenticity. By manipulating the authentication protocol flow, an attacker can bypass the credential verification mechanism and gain unauthorized access to the device without providing valid credentials.
The vulnerability is classified as CWE-287 (Improper Authentication) andCWE-354 (Improper Validation of Extraneous Input) .
The vulnerability has received a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating its critical nature.
Impact
Successful exploitation allows an unauthenticated remote attacker to gain complete administrative access to the affected Dahua surveillance device. This enables the attacker to: view all recorded surveillance footage, modify or delete recordings, access camera feeds in real-time, change device settings and configurations, add unauthorized user accounts, disable security features, redirect video streams, potentially introduce malware to the device, and use the compromised device as a pivot point for further network attacks. For surveillance infrastructure, this represents a critical security breach with implications for privacy, physical security monitoring, and organizational security.
Mitigation and workarounds
Contact Dahua support or check the official Dahua security advisory portal for firmware updates specific to your device model. Download and install the latest available firmware through the device's web interface or via TFTP. Each product line (DVR, NVR, IP Camera, HCVR) has separate firmware updates. Ensure to back up configuration before updating. The following versions include the necessary fixes: Dahua firmware updates released June 2021 and later versions, DVR/NVR firmware versions released after June 2021, Specific version numbers vary by product line and region.
As temporary workarounds: restrict network access to dahua devices by implementing strict firewall rules. only allow trusted ip addresses/subnets to access the device management ports (37777/tcp, 37778/tcp, 80/tcp, 443/tcp). use network segmentation to isolate surveillance devices on a dedicated vlan.; disable remote access features and configure devices for local network access only. change default ports to non-standard values to reduce automated discovery., and monitor network traffic to and from surveillance devices for suspicious connection attempts or malformed packets on authentication ports..
CISA's recommendation: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional resources
Source: This report was generated using AI
