Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for xvr5xxx_firmware by dahuasecurity

    CVE-2021-33046 (GCVE-0-2021-33046)

    Vulnerability from nvd – Published: 2022-01-13 20:27 – Updated: 2024-08-03 23:42
    VLAI
    Summary
    Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.
    Severity
    No CVSS data available.
    CWE
    • Access control
    Assigner
    Impacted products
    Vendor Product Version
    n/a Access control vulnerability found in some Dahua products Affected: Dahua IP Camera devices IPC-HX3XXX, and IPC-HX5XXX
    Affected: PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6AL
    Affected: Thermal TPC-BF1241,TPC-BF2221, TPC-SD2221
    Affected: VTO2101E, VTOX221E, and ASC2204C devices Buildtime between 2017/7 ~ 2021/7. NVR devices NVR4XXX, and NVR5XXX
    Affected: XVR devices XVR4XXX, and XVR5XXX
    Affected: HCVR devices HCVR7XXX, and HCVR8XXX devices Buildtime between 2017/1 ~ 2021/7.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:42:19.550Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.dahuasecurity.com/support/cybersecurity/details/987"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.dahuatech.com/networkSecurity/securityDetails?id=95"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Access control vulnerability found in some Dahua products",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Dahua IP Camera devices IPC-HX3XXX, and IPC-HX5XXX"
                },
                {
                  "status": "affected",
                  "version": "PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6AL"
                },
                {
                  "status": "affected",
                  "version": "Thermal TPC-BF1241,TPC-BF2221, TPC-SD2221"
                },
                {
                  "status": "affected",
                  "version": "VTO2101E, VTOX221E, and ASC2204C devices Buildtime between 2017/7 ~ 2021/7.  NVR devices NVR4XXX, and NVR5XXX"
                },
                {
                  "status": "affected",
                  "version": "XVR devices XVR4XXX, and XVR5XXX"
                },
                {
                  "status": "affected",
                  "version": "HCVR devices HCVR7XXX, and HCVR8XXX devices Buildtime between 2017/1 ~ 2021/7."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Access control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-14T18:49:15.000Z",
            "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            "shortName": "dahua"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.dahuasecurity.com/support/cybersecurity/details/987"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.dahuatech.com/networkSecurity/securityDetails?id=95"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@dahuatech.com",
              "ID": "CVE-2021-33046",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Access control vulnerability found in some Dahua products",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Dahua IP Camera devices IPC-HX3XXX, and IPC-HX5XXX"
                              },
                              {
                                "version_value": "PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6AL"
                              },
                              {
                                "version_value": "Thermal TPC-BF1241,TPC-BF2221, TPC-SD2221"
                              },
                              {
                                "version_value": "VTO2101E, VTOX221E, and ASC2204C devices Buildtime between 2017/7 ~ 2021/7.  NVR devices NVR4XXX, and NVR5XXX"
                              },
                              {
                                "version_value": "XVR devices XVR4XXX, and XVR5XXX"
                              },
                              {
                                "version_value": "HCVR devices HCVR7XXX, and HCVR8XXX devices Buildtime between 2017/1 ~ 2021/7."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Access control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dahuasecurity.com/support/cybersecurity/details/957",
                  "refsource": "MISC",
                  "url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
                },
                {
                  "name": "https://www.dahuasecurity.com/support/cybersecurity/details/987",
                  "refsource": "CONFIRM",
                  "url": "https://www.dahuasecurity.com/support/cybersecurity/details/987"
                },
                {
                  "name": "https://support.dahuatech.com/networkSecurity/securityDetails?id=95",
                  "refsource": "CONFIRM",
                  "url": "https://support.dahuatech.com/networkSecurity/securityDetails?id=95"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "assignerShortName": "dahua",
        "cveId": "CVE-2021-33046",
        "datePublished": "2022-01-13T20:27:13.000Z",
        "dateReserved": "2021-05-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:42:19.550Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33046 (GCVE-0-2021-33046)

    Vulnerability from cvelistv5 – Published: 2022-01-13 20:27 – Updated: 2024-08-03 23:42
    VLAI
    Summary
    Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.
    Severity
    No CVSS data available.
    CWE
    • Access control
    Assigner
    Impacted products
    Vendor Product Version
    n/a Access control vulnerability found in some Dahua products Affected: Dahua IP Camera devices IPC-HX3XXX, and IPC-HX5XXX
    Affected: PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6AL
    Affected: Thermal TPC-BF1241,TPC-BF2221, TPC-SD2221
    Affected: VTO2101E, VTOX221E, and ASC2204C devices Buildtime between 2017/7 ~ 2021/7. NVR devices NVR4XXX, and NVR5XXX
    Affected: XVR devices XVR4XXX, and XVR5XXX
    Affected: HCVR devices HCVR7XXX, and HCVR8XXX devices Buildtime between 2017/1 ~ 2021/7.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:42:19.550Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.dahuasecurity.com/support/cybersecurity/details/987"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.dahuatech.com/networkSecurity/securityDetails?id=95"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Access control vulnerability found in some Dahua products",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Dahua IP Camera devices IPC-HX3XXX, and IPC-HX5XXX"
                },
                {
                  "status": "affected",
                  "version": "PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6AL"
                },
                {
                  "status": "affected",
                  "version": "Thermal TPC-BF1241,TPC-BF2221, TPC-SD2221"
                },
                {
                  "status": "affected",
                  "version": "VTO2101E, VTOX221E, and ASC2204C devices Buildtime between 2017/7 ~ 2021/7.  NVR devices NVR4XXX, and NVR5XXX"
                },
                {
                  "status": "affected",
                  "version": "XVR devices XVR4XXX, and XVR5XXX"
                },
                {
                  "status": "affected",
                  "version": "HCVR devices HCVR7XXX, and HCVR8XXX devices Buildtime between 2017/1 ~ 2021/7."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Access control",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-14T18:49:15.000Z",
            "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
            "shortName": "dahua"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.dahuasecurity.com/support/cybersecurity/details/987"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.dahuatech.com/networkSecurity/securityDetails?id=95"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cybersecurity@dahuatech.com",
              "ID": "CVE-2021-33046",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Access control vulnerability found in some Dahua products",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Dahua IP Camera devices IPC-HX3XXX, and IPC-HX5XXX"
                              },
                              {
                                "version_value": "PTZ Dome Camera SD1A1, SD22, SD49, SD50, SD52C, and SD6AL"
                              },
                              {
                                "version_value": "Thermal TPC-BF1241,TPC-BF2221, TPC-SD2221"
                              },
                              {
                                "version_value": "VTO2101E, VTOX221E, and ASC2204C devices Buildtime between 2017/7 ~ 2021/7.  NVR devices NVR4XXX, and NVR5XXX"
                              },
                              {
                                "version_value": "XVR devices XVR4XXX, and XVR5XXX"
                              },
                              {
                                "version_value": "HCVR devices HCVR7XXX, and HCVR8XXX devices Buildtime between 2017/1 ~ 2021/7."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Access control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dahuasecurity.com/support/cybersecurity/details/957",
                  "refsource": "MISC",
                  "url": "https://www.dahuasecurity.com/support/cybersecurity/details/957"
                },
                {
                  "name": "https://www.dahuasecurity.com/support/cybersecurity/details/987",
                  "refsource": "CONFIRM",
                  "url": "https://www.dahuasecurity.com/support/cybersecurity/details/987"
                },
                {
                  "name": "https://support.dahuatech.com/networkSecurity/securityDetails?id=95",
                  "refsource": "CONFIRM",
                  "url": "https://support.dahuatech.com/networkSecurity/securityDetails?id=95"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "assignerShortName": "dahua",
        "cveId": "CVE-2021-33046",
        "datePublished": "2022-01-13T20:27:13.000Z",
        "dateReserved": "2021-05-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:42:19.550Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }