CVE-2021-33044 – Dahua Technology / Multiple – Improper authentication

CVE-2021-33044 is an improper authentication vulnerability impacting multiple Dahua products. An exploit was observed in open source and a link to an exploit was shared in the underground.

Summary:

CVE-2021-33044 is an improper authentication vulnerability impacting multiple Dahua products. An exploit was observed in open source and a link to an exploit was shared in the underground.

PoC Links(if available):

GitHub commit exploit –
https://github.com/mcw0/DahuaConsole

Known Counter Measures:

Dahua Technology addressed the vulnerability in a security advisory with updated versions.

Links to patches(if available)

https://www.dahuasecurity.com/support/cybersecurity/details/957